CONSUMER ALERT: ‘Credential Harvesting’ Phishing Scams

Tuesday, July 31 at 02:00 PM
Category: Arvest News

Consumers need to be aware that credential harvesting phishing scams are on the rise.

As part of this phishing scam, criminals are sending personalized email messages with an alarming subject line, such as “Card Deactivation.” The emails include a button to “cancel” the deactivation process, which, once clicked, takes victims to a fake web page that requests user IDs, passwords, and answers to their security questions. Here some other commonly used subject lines used in these scams:

  • Online Banking Alert: Your Account will be Deactivated
  • Dear Valued Customer
  • Failed Package Delivery
  • Reviewing Payments
  • Serious Issues

Arvest Bank would like to remind our customers Arvest will never email, text, or call you unsolicited to ask for account information, social security numbers, online banking credentials, or other sensitive information.

What to Do

If you get an email that appears to be from Arvest Bank and is asking you to click a link and enter data, do not respond.

  • If you received an e-mail like this and entered your personal information, please contact us immediately at (866) 931-9743 so that we can protect your account.
  • If you received an e-mail like this, but did not divulge confidential information, please notify us via email at reportfraud@arvest.com. If possible, please include the original e-mail that you suspect is part of the phishing scam. 

Phishing scams come in a variety of forms. Although most are similar to this one, involving a spoofed email alert, others come in the form of customer service surveys, telephone calls, or even cell phone text messages. Please be aware that while most phishing scams direct you to fake websites, others may ask you to call a phone number where an automated phone system prompts you to divulge confidential information.

While it can be difficult to identify spoofed email messages, websites, and automated phone systems, it is not difficult to know if any of the above may be related to a fraudulent phishing scam. The key is knowing that legitimate businesses do not send messages to customers prompting them to divulge confidential information. If you receive such a message, no matter how genuine it may appear, assume it to be fraudulent and please notify the legitimate business immediately. 

Please visit our Consumer Protection section for information on identity theft, fraud, scams and online threats.

This post was updated on 8/2/2018

Tags: Fraud Alert
 

Asked to pay by gift card? It’s a Scam!

Tuesday, July 17 at 09:00 AM
Category: Personal Finance

Arvest Bank is warning consumers about scams related to gift cards.

According to the Federal Trade Commission (FTC), many people are being targeted by scammers asking for payment in the form of gift cards. These scammers may call people claiming to be with the IRS, or tech support, or a so-called family member in need. If you’ve gotten a call like this, you know that the caller will then demand the gift card numbers and PIN.

And, poof, your money is gone.

Scammers are good at convincing people there really is an emergency, so lots of people have made the trip to local merchants to buy gift cards to send these callers. And scammers love gift cards – it’s one of their favorite ways to get your money. These cards are like giving cash – and nearly untraceable, unless you act almost immediately.

Here’s the most important thing for you to know: anyone who demands payment by gift card is always a scammer.

Gift cards are for gifts, not payments. If you’ve bought a gift card and lost money to someone who might be a scammer, tell the company who issued the card. (The contact info might be on the card, but might require some research). Tell them their card was used in a scam. If you act quickly enough, they might be able to get your money back. But – either way – it’s important that they know what happened to you. And then please tell the FTC about your loss by visiting www.ftc.gov/complaint*. Your report helps the FTC try to shut the scammers down.

How to Report Fraud Related to Your Arvest Accounts

  • To report Identity Theft, financial fraud or an unauthorized transaction in your account, please contact Customer Service immediately at (866) 952-9523.

  • To report a lost or stolen credit, debit or ATM card, please contact Customer Service immediately at (866) 952-9523 or by using our Contact Us page.

  • To report a suspicious email, phone call or text message, please forward the suspicious email to, or send a message to: reportfraud@arvest.com.

Source: FTC

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.

 

 

 

Tags: Financial Education, Fraud Alert, Gift Cards, Privacy and Security
 

Online Love Can Have Financial Risks

Thursday, April 12 at 02:00 PM
Category: Personal Finance

Arvest Bank is warning consumers about scams related to online dating

Millions of Americans use dating sites, social networking sites, and chat rooms to meet people. Many form successful relationships, but romance scammers also use these sites to meet potential victims. They create fake profiles to build online relationships, and eventually convince people to send money in the name of love.

According to the Federal Trade Commission, thousands of reports are made each year about scammers who create fake online relationships only to steal their victims’ money.

Unfortunately, an online love interest who asks for money is almost certainly a scam artist. Caution should be used when a newly formed relationship partner begins to ask for money.

The FTC has created a new infographic, developed with the American Bankers Association Foundation, which lists common signs of online dating scams and what to do if someone you meet online asks you for money. Victims may be embarrassed to talk about their experiences, but consumers can help one another by sharing this information. A simple phone call, email or text, saying “Look what I just found” and sharing this information may make a difference in someone else’s life.

How to Report Fraud Related to Your Arvest Accounts

  • To report Identity Theft, financial fraud or an unauthorized transaction in your account, please contact Customer Service immediately at (866) 952-9523.
  • To report a lost or stolen credit, debit or ATM card, please contact Customer Service immediately at (866) 952-9523 or by using our Contact Us page.
  • To report a suspicious email, phone call or text message, please forward the suspicious email to, or send a message to: reportfraud@arvest.com.

Below are specific tips from the FTC to identify a scammer in an online dating environment:

 

 

Tags: Financial Education, Fraud Alert
 

Tech Support Scams

Monday, April 17 at 09:35 AM
Category: Personal Finance

In a recent twist, scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. But the purpose behind their elaborate scheme isn’t to protect your computer – it’s to steal your identity or/and to make money.

How Tech Support Scams Work
Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans*, and send alarming messages to try to convince you your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.
 
The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”
 
Once they’ve gained your trust, they may:
  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Try to enroll you in a worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords.
  • Direct you to websites and ask you to enter your credit card number and other personal information.
Regardless of the tactics they use, their purpose is to steal your identity or/and to make money.

If You Get a Call
If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.
 
Keep these other tips in mind:
  • Don’t give control of your computer to a third party who calls you out of the blue.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. 
  • If you want tech support, look for a company’s contact information on their software package or on your receipt.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.
  • If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
  • Never give your password on the phone. No legitimate organization calls you and asks for your password.
  • Put your phone number on the National Do Not Call Registry*, and then report illegal sales calls*.
If You’ve Responded to a Scam
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
  • Get rid of malware*. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you paid for bogus services with a credit card, call your credit card provider and ask if they can reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
  • If you believe someone may have accessed your personal or financial information, visit the FTC’s identity theft website*. You can minimize your risk of further damage and repair any problems already in place.
  • File a complaint with the FTC at ftc.gov/complaint*.
How to Spot a Refund Scam
If you paid for tech support services, and you later get a call about a refund, don’t give out any personal information. The call is almost certainly another trick to take your money.
 
The refund scam* works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund. Or, the caller may say the company is going out of business and providing refunds for “warranties” and other services.
 
In either case, the scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account. If you get a call like this, hang up, and report it at ftc.gov/complaint*.

Conclusion
You don’t need to be a victim of a tech support scam. Learn how these scams work, so you can detect them for what they are and protect yourself.

Information courtesy of Federal Trade Commission Consumer Information.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.  

Tags: Consumer Protection, Financial Education, Fraud Alert, Privacy and Security, Technology
 

Fraud Targets Small Businesses: Don't Be a Victim

Wednesday, February 08 at 05:25 AM
Category: Business Banking

While large firms may have sophisticated technology and staff dedicated to thwarting crime, many small businesses don't — and scammers know this. Here are ways to protect yourself:

Be on guard against inside jobs. This includes employee theft or misuse of cash, merchandise or equipment as well as fraud. "Minimize risks through steps such as pre-employment background checks, automated inventory tracking systems, audits, and clearly outlined policies for personal use of computers and other business equipment," said Luke W. Reynolds, chief of the FDIC's Outreach and Program Development Section. "Also, carefully select who handles revenue from customers, pays the bills and reviews account statements. And, ensure that there are procedures in place to detect and deter fraud."

Watch out for fraudulent transactions and bills. Scams can range from consumer payments with a worthless check or a fake credit or debit card to fraudulent returns of merchandise. Be sure you have insurance to protect against risks. Also ignore offers to buy lists of federal grant programs. To learn more about protecting your business, consult your local Small Business Administration District Office*. 
 
Electronic fraud by third parties can be very costly to businesses, so take them seriously. The FDIC has seen an increase in reports of unauthorized electronic transfers made from bank accounts held by small businesses. 
 
"The most common and dangerous scam for small businesses is account takeover," said Michael Benardo, chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "By sending fake emails and using fake websites to deliver malicious software, such as keystroke loggers, fraudsters may be able to obtain the IDs and passwords for online bank accounts and then make withdrawals from accounts."
 
According to federal law enforcement, businesses are increasingly targeted by business email compromise (“BEC”) fraud where perpetrators, posing as business executives or vendor partners, use compromised or spoofed email accounts to request fraudulent wire transfers or make changes in payment instructions for invoices. Federal agencies recommend separately confirming such communications and not relying solely on email to conduct financial transactions.
 
Because businesses are generally not covered by federal consumer protections against unauthorized electronic fund transfers, a bank likely will not be responsible for reimbursing losses associated with the theft from the account if it says that negligence on the part of the business, such as falling for a common scam, was a factor.
 
Also equip your computers with up-to-date anti-virus software and firewalls (to block unwanted access). Make backup copies of critical business data on every computer. Also monitor account balances regularly, perhaps daily, to look for suspicious or unauthorized activity.
 
And, don't click on links in or attachments to an unsolicited email that asks for confidential information, even if it appears to be from a company you do business with or the government. Legitimate organizations won't request that kind of information in an email. When in doubt, go to another source to find the organization's contact information so you can independently confirm the validity of the request.
 
Be proactive about protecting your small business from ill-intentioned people by learning what scams they use and how to not fall victim to those tactics. 

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution. 

Tags: Arvest Biz, Business Banking, Fraud Alert, Privacy and Security

Choose one or more categories to subscribe to:

Cancel