What is Financial Malware and How to Protect Yourself

Tuesday, July 18 at 11:00 AM
Category: Personal Finance

What is Financial Malware?

Everywhere you turn today you seem to be bombarded with news coverage concerning the urgency of combating cybercrime, bad actors and hackers. There are many variations of malicious software, or “malware,” but financial malware, as its name implies is written specifically to commit financial fraud.

Cybercriminals use a variety of methods to infect their victims with malware including sending them email messages containing infected attachments or links to infected websites.

Once the victim is infected, the malware monitors the victim’s activity and may steal online banking credentials and other personal information using keystroke logging or screen shots images. 

In some cases, hackers may use the victim’s own web browser to collect sensitive information (e.g., the victim's PIN) by adding extra fields to legitimate online forms or by changing website wording and messaging, or by triggering legitimate-looking pop-up forms in real-time.

Financial malware may redirect the victim to a fake website designed to mimic a legitimate bank website. As the victim enters their credentials, the malware then redirects them into the legitimate site, potentially triggering a SMS or other second-factor authentication code that the Trojan can then capture via the fake website.

How to Protect Yourself
 
Most threats still need user interaction to infect a potential victim’s system. For this reason, becoming aware of these threats and diligently taking extra precautions can significantly reduce the risk of becoming a victim of cybercrime.  
 
  • Keep your operating system, web browser and other software up to date.
     
  • Make sure your computer has both an anti-spyware protection program that detects and removes spyware and an anti-virus program. Keep both programs updated. Scan your computer for viruses and spyware on a regular basis.
     
  • Be very protective of your personal account information. There are criminals who try to trick you by creating sites that look similar to real sites. The best way to know who you are dealing with is to type the address in your browser address bar; don’t click on a link that’s provided to you via email.
     
  • Do not open attachments in email messages if you do not know the sender or weren’t expecting the message. Attachments can contain viruses and spyware.
     
  • Avoid logging into password protected websites, such as online banking or email services from public computers. Instead, use trusted or secured networks.
     
  • Avoid downloading apps to your mobile phone from unofficial stores and pay attention to the permissions requested by apps before their installation.
     
  • Always sign off from sessions and close your browser after using password protected websites. 
     
  • Avoid using unencrypted email to conduct financial transactions or send sensitive information.
     
  • If you suspect your computer may be infected or that your online banking credentials may have been compromised, contact your bank and change your password from a different trusted computer. Contact a computer security professional for assistance in removing malicious software.
     
  • Regularly review your bank account activity and immediately notify your bank if you notice suspicious transactions in your account.
Tags: Consumer Protection, Financial Education, Privacy and Security, Technology
 

Helpful Tips to Protect Your Business from ID Theft and Fraud

Wednesday, May 10 at 06:10 AM
Category: Business Banking
With an increasing number of businesses operating online in addition to traditional means, it is critical that both consumers and business owners know how to help protect themselves from identity theft and fraud. Fraud not only can ruin the shopping experience, but have disastrous and long-lasting effects for a business. Even if your company doesn’t conduct retail business online, it is important to protect your private business information and data. 
 
  • Limit what you carry. When you go out, take only the identification, and business credit or debit cards you need.
  • Lock your financial documents and records in a safe place, such as a safe or locked file cabinet that only you have access to. 
  • Before you share information with vendors, ask why they need it, how they will safeguard it, and the consequences of not sharing.
  • Protect your company documents. Shred receipts, credit applications and offers, insurance forms, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.
  • Install anti-virus software, anti-spyware software, and a firewall on all company computers. Set your preference to update these protections often.
  • Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.
  • Before you send your business information via your laptop or smartphone over a public wireless network in a public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.
  • Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished.
For more extensive information on privacy and identity protection, visit www.ftc.gov* and look for the ‘Tips & Advice’ tab. If you’re interested in fraud prevention services for your business that includes theft-resolution and account monitoring services, Arvest offers ACH Fraud Block and ChecXchange® with some of its business services. To learn more, visit www.arvest.com and select Fraud Prevention under the ‘Business’ tab. 
 
Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Arvest Biz, Business Banking, Privacy and Security
 

Tech Support Scams

Monday, April 17 at 09:35 AM
Category: Personal Finance

In a recent twist, scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. But the purpose behind their elaborate scheme isn’t to protect your computer – it’s to steal your identity or/and to make money.

How Tech Support Scams Work
Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans*, and send alarming messages to try to convince you your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.
 
The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”
 
Once they’ve gained your trust, they may:
  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Try to enroll you in a worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords.
  • Direct you to websites and ask you to enter your credit card number and other personal information.
Regardless of the tactics they use, their purpose is to steal your identity or/and to make money.

If You Get a Call
If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
 
Keep these other tips in mind:
  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. 
  • If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry*, and then report illegal sales calls*.
If You’ve Responded to a Scam
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
  • Get rid of malware*. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you paid for bogus services with a credit card, call your credit card provider and ask if they can reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
  • If you believe someone may have accessed your personal or financial information, visit the FTC’s identity theft website*. You can minimize your risk of further damage and repair any problems already in place.
  • File a complaint with the FTC at ftc.gov/complaint*.
How to Spot a Refund Scam
If you paid for tech support services, and you later get a call about a refund, don’t give out any personal information. The call is almost certainly another trick to take your money.
 
The refund scam* works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund. Or, the caller may say the company is going out of business and providing refunds for “warranties” and other services.
 
In either case, the scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account. If you get a call like this, hang up, and report it at ftc.gov/complaint*.

Conclusion
You don’t need to be a victim of a tech support scam. Learn how these scams work, so you can detect them for what they are and protect yourself.

Information courtesy of Federal Trade Commission Consumer Information.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Consumer Protection, Financial Education, Fraud Alert, Privacy and Security, Technology
 

Fraud Targets Small Businesses: Don't Be a Victim

Wednesday, February 08 at 05:25 AM
Category: Business Banking

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don't — and scammers know this. Here are ways to protect yourself:

Be on guard against inside jobs. This includes employee theft or misuse of cash, merchandise or equipment as well as fraud. "Minimize risks through steps such as pre-employment background checks, automated inventory tracking systems, audits, and clearly outlined policies for personal use of computers and other business equipment," said Luke W. Reynolds, chief of the FDIC's Outreach and Program Development Section. "Also, carefully select who handles revenue from customers, pays the bills and reviews account statements. And, ensure that there are procedures in place to detect and deter fraud."

Watch out for fraudulent transactions and bills. Scams can range from consumer payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Also ignore offers to buy lists of federal grant programs. To learn more about protecting your business, consult your local Small Business Administration District Office*. 
 
Electronic fraud by third parties can be very costly to businesses, so take them seriously. The FDIC has seen an increase in reports of unauthorized electronic transfers made from bank accounts held by small businesses. 
 
"The most common and dangerous scam for small businesses is account takeover," said Michael Benardo, chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "By sending fake emails and using fake websites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts."
 
According to federal law enforcement, businesses are increasingly targeted by business email compromise (“BEC”) fraud where perpetrators, posing as business executives or vendor partners, use compromised or spoofed email accounts to request fraudulent wire transfers or make changes in payment instructions for invoices. Federal agencies recommend separately confirming such communications and not relying solely on email to conduct financial transactions.
 
Because businesses are generally not covered by federal consumer protections against unauthorized electronic fund transfers, a bank likely will not be responsible for reimbursing losses associated with the theft from the account if it says that negligence on the part of the business, such as falling for a common scam, was a factor.
 
Also equip your computers with up-to-date anti-virus software and firewalls (to block unwanted access). Make backup copies of critical business data on every computer. Also monitor account balances regularly, perhaps daily, to look for suspicious or unauthorized activity.
 
And, don't click on links in or attachments to an unsolicited email that asks for confidential information, even if it appears to be from a company you do business with or the government. Legitimate organizations won't request that kind of information in an email. When in doubt, go to another source to find the organization's contact information so you can independently confirm the validity of the request.
 
Be proactive about protecting your small business from ill-intentioned people by learning what scams they use and how to not fall victim to those tactics. 

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Arvest Biz, Business Banking, Fraud Alert, Privacy and Security
 

Avoiding Identity Theft

Monday, December 05 at 09:00 AM
Category: Personal Finance

Tips for a safer shopping experience and additional ideas to help avoid identity theft.

LOWELL, Ark. – In addition to being one of the biggest shopping months of year, December is also Identity Theft Prevention and Awareness Month. 

Because an increasing number of people shop online in addition to traditional means, it is critical consumers know how to help protect themselves from identity thieves. These attacks not only can ruin the holiday shopping experience, but have disastrous and long-lasting effects on credit and bank accounts long after the holidays have passed.

The Bureau of Justice Statistics estimated that more than 17 million U.S. residents age 16 or older were victims of at least one incident of identity theft in 2014.

Below are some tips created by the Federal Trade Commission that can help consumers avoid such an unfortunate event.

- Lock your financial documents and records in a safe place at home, and lock your wallet or purse in a safe place at work.

- Limit what you carry. When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home.

- Before you share information at your workplace, a business, your child's school, or a doctor's office, ask why they need it, how they will safeguard it, and the consequences of not sharing.

- Shred receipts, credit applications and offers, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.

- Destroy the labels on prescription bottles before you throw them out. Don’t share your health plan information with anyone who offers free health services or products.

- Take outgoing mail to post office collection boxes or the post office. Promptly remove mail that arrives in your mailbox. If you won’t be home for several days, request a vacation hold on your mail.

- Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.

- Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device.

- Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online.

- Use strong passwords with your laptop, credit, bank, and other accounts. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.

- If you post too much information about yourself via social media, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites.

- Keep a close hold on your Social Security number and ask questions before deciding to share it. If someone asks you to share your SSN or your child’s, ask: why they need it, how it will be used, how they will protect it, and what happens if you don’t share the number. 

- Install anti-virus software, anti-spyware software, and a firewall. Set your preference to update these protections often.

- Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.

- Before you send personal information over your laptop or smartphone on a public wireless network in a public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.

- Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished.

For more extensive information on privacy and identity protection, visit www.ftc.gov* and look for the ‘Tips & Advice’ tab. If you’re interested in the kind of identity-theft protection that includes theft-resolution and file-monitoring services, Arvest offers Family IDProtect® with some of its checking accounts. To learn more about Arvest Bank and Family IDProtect®, visit www.arvest.com and select Family IDProtect® under the ‘Personal’ tab.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.

Tags: Consumer Protection, Financial Education, IDProtect, Press Release, Privacy and Security

Choose one or more categories to subscribe to:

Cancel