Skip Navigation Download Acrobat Reader 5.0 or higher to view .pdf files.
Merchants Bank of Commerce
 

Alerts & Scams

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
January 17, 2020: Watch Out for “Free Gift” Scams
Watch out! Cybercriminals are posing as a mail carrier company that claims to have a “free gift” waiting for you.

They start by sending a shipment notification email. The email includes a tracking code and other details about your package. If you click on the link in the email and enter your tracking code into this webpage, you’re told that the package has arrived in your country but you must pay a very small delivery fee before you can claim it. If you fall for this offer and enter your payment details, your financial information is stolen and your “free gift” is never mentioned again.

Here are a few reminders to help protect yourself from scams like this:
 
  • Beware of free gifts. If it sounds too good to be true, it probably is. Delete suspicious emails or follow the reporting procedures put in place by your organization.
  • Be cautious of courier emails. Delivery notification emails are often used in phishing attacks. Even if the email appears to be from a familiar organization, reach out to the sender directly (by phone) to get a trustworthy tracking number.
  • “HTTPS” does not equal “secure”. These days, many cybercriminals are using “HTTPS” websites for their scams because most people look for a padlock in the address bar. However, the padlock does not guarantee that you’re on a legitimate website, it only means that you’re on a website that has obtained an HTTPS certificate.
  • Don’t click. Never click on links or download attachments from emails you weren’t expecting–even if it appears to be from a legitimate organization.
January 10, 2020: Post-Holiday Shopping Scam
The holiday season has come and gone, but the bad guys are here to stay. Scammers are still using holiday shopping deals to lure you in. They’re posing as popular retailers and sending dangerous emails and text messages that tell you to claim the reward points that you’ve supposedly earned with your holiday purchases.

The bad guys use logos and company colors to make the emails and text messages look legitimate. Don’t fall for it! If you click the phishing links in these emails or text messages, you are actually downloading malware to your computer or phone. This malware allows the criminals to gain access to your device; therefore, leaving your personal information at risk.

Always remember: Never click on a link that you weren’t expecting. If you receive an email from a retailer or service that you use, log in to your account through your browser (not through links in the email) to make sure it’s valid.
 
January 3, 2020: PayPal “Unusual Activity” Phishing Scam

The bad guys are trying to steal your personal and financial information again. Their latest scam is a phishing email that appears to come from your PayPal account.

Here’s how it works:
1. The phishing email claims that an unknown device has accessed your PayPal account, and to protect your account and your money, you have to “verify your identity” by clicking a link and following verification steps.
2. After clicking the link, you’re brought to a webpage that instructs you to complete a CAPTCHA prompt, where you must enter a code and then click a button to continue “securing your account”.
3. Finally, you’re brought to a fake PayPal login page to enter your PayPal login credentials. If you enter your credentials, you’re then instructed to submit personal and financial details, and even the login information for your email account.

If you submit your login credentials or personal information, your PayPal account can now be taken over by the bad guys, and your account and personal data are at risk.
Remember these tips to keep your PayPal account–and other online accounts–safe:
  • Never click on links in an email you weren’t expecting.
  • When you receive an email asking you to log in to an account or online service that you use, log in to your account through your browser–not through links in the email. This way, you can ensure you’re logging in to the real website.
  • Do not reuse passwords. If you use the same password for different accounts and one gets hacked, they all are.
December 27, 2019: That Free “Star Wars: The Rise of Skywalker” Download You Found Online? It’s a Scam!
If you’re looking to stream or download blockbuster movies when they’re still in theaters, you probably shouldn’t. Why not? Well, first and foremost, this is called piracy and it is illegal. Secondly, any “free downloads” you do find will likely be a scam.

Following the release of the newest movie in the Star Wars saga, cyber scammers are creating fake websites and social media accounts that appear to be affiliated with the official film franchise. The sites and social media accounts offer free streams or downloads of the blockbuster film–all you have to do is sign up for an account. Don’t fall for it! If you enter your credit card details during account setup, this information will be stolen and your “free download” will actually be malicious malware.

These criminals have managed to get their dangerous websites to show as a top result in popular search engines, and they use social media to spread their “free download” links all across the web. Always remember the following to keep yourself safe from these scams:
  • Never download anything from an unfamiliar or questionable website. Especially if the download could be stolen and, therefore, illegal material.
  • Never give information to a website you can’t trust. Even if you don’t enter credit card data, simply creating an account makes your email address more vulnerable to future scams–especially phishing attacks.
  • Never click on an unexpected or suspicious link. If it seems too good to be true, it probably is!
December 20, 2019: Office 365 “New Voicemail” Attack
Due to its popularity, Microsoft’s Office 365 is often spoofed in phishing attacks. Recently, the bad guys are trying a new angle in their Office 365 phishing emails. They're sending what appears to be "New Voicemail" email notifications. The emails look legitimate, with the help of a Microsoft or Office 365 logo and details about the fake voicemail, such as the caller’s phone number and the length of the message. To increase their chances of success, the bad guys are using two different emails:
 
1. One email includes a fake play button with a link that you’re instructed to click on to listen to your message.
2. The other email includes an HTML attachment that you’re instructed to open to listen to your message.
 
If you click on the phishing link or open the HTML attachment, you’ll be redirected to a fake login page that appears to be the Microsoft Office 365 login portal. If you mistakenly enter your credentials here, they’ll be immediately stolen.

Remember the following to protect yourself from these types of attacks:
 
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from a person of an organization that you’re familiar with, the sender’s email address could be spoofed.
  • If you’re already logged into your email account, you shouldn’t be prompted to log in again, this is a red flag. Before you enter sensitive information on any page, check the domain name. Make sure that the website you are on is correctly spelled and not mimicking a well known brand or company.
  • Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
December 13, 2019: “Your Subscription Has Ended” Netflix Phishing Campaign

Since most people are familiar with the popular streaming service, the bad guys often use Netflix as bait in phishing attacks. One recent Netflix scam starts with an email claiming that you’ve missed a payment and that your subscription has ended. You’re instructed to use the links in the email to log in to your account and fix your billing information.

The emails in this particular phishing campaign usually include misspellings and improper grammar. But if you fail to notice these clues and proceed to click the link in the email, you’re brought to a fake login page. The login page looks legitimate and so does the page where you’re told to enter your payment card details.

Don’t fall for it! Remember the following to help stay safe online:

  • Never click on links in an email you weren’t expecting.
  • When you receive an email asking you to log in to an account or online service that you use, log in to your account through your browser–not through links in the email. This way, you can ensure you’re logging into the real website.
Be wary of emails with spelling or grammar errors, especially when it supposedly came from a reputable source.
 
December 6, 2019: PayPal Becomes the Most Popular Phishbait

If you use PayPal for online shopping or services, you probably receive emails from them on a regular basis. But be warned: Hackers are now impersonating PayPal in their phishing emails more than any other brand.

The attackers are sending various types of emails claiming that you need to log in to your PayPal account. If you click on links in these emails, you’ll likely be brought to a fake login page, where your credentials will be stolen if you attempt to log in.

Follow these tips to keep yourself safe from PayPal and other brand impersonation attacks:

  • Never click on links in an email you weren’t expecting.
  • When you receive an email asking you to log in to an account or online service that you use, log in to your account through your browser–not through links in the email. This way, you can ensure you’re logging into the real website.
  • Be sure that your PayPal password or passphrase follows secure password guidelines. Search the web to find password tips and recommendations, or contact the appropriate department in your organization for password pointers.
November 29, 2019: Safety Tips for Black Friday and Cyber Monday Scams
Are you ready for the biggest online shopping weekend of the holiday season? The bad guys certainly are. So while you’re looking for the best Black Friday and Cyber Monday deals, make sure you’re also on the lookout for holiday shopping scams.

Be aware of the following scams and safety tips to protect yourself this holiday season:
  • Never click on links in emails. There are thousands of fake sites that look almost identical to the real thing. If you want to shop a website that you frequent, always navigate to the site by typing the web address in your browser rather than clicking on a link in an email.
  • Don’t open attachments with special offers. This is a classic scam. If the email presents a valid offer, you shouldn’t have to open an attachment or click on a link.
  • Watch for malicious ads and pop-ups. Do not click on ads that sound too good to be true, and ignore pop-ups that make “best deal ever” claims.
  • Beware of e-skimmers. This is a new scam to watch out for. Have you heard of criminals skimming your credit card information from gas stations or ATMs? Well, now fraudsters are skimming credit card data during online checkouts. Use trusted sources such as PayPal or Amazon to avoid this type of data loss.
  • Whenever possible, use a credit card for online shopping. Never use your debit card to make purchases online. If you encounter fraudulent charges on your debit card, it’s not always possible to get a refund. Whereas, most credit card issuers offer greater protection against fraudulent charges.
  • Do not shop over public Wi-Fi. Never send sensitive data over free or public wi-fi networks. You can’t be sure if the network is secure, or if others are spying on your online session. If you must use public wi-fi, be sure to use a VPN connection which encrypts your information.
  • Be very cautious of “free offers” during the holidays. During this time of the year, there’s a huge spike in all types of survey fraud and gift card scams.
  • Do not reuse any of your passwords. Not just during the holidays; practice this tip all year long. Reusing any of your passwords is an invitation to get hacked. Instead, use a password manager to create hard-to-break passwords.
  • Keep a close eye on your credit card and bank accounts. During the holiday season and all year long–monitor your credit card and bank statements. Unexpected charges are typically the first sign that your card, or even your whole identity has been stolen. If you think you’ve been scammed, stay calm and call your credit card company.
  • Be especially suspicious of gift card scams. They can be a perfect holiday gift, but gift card scams are skyrocketing. Only buy gift cards from trusted sources.
 
 
 

Lost your ATM/Debit card? We can help.