Merchants Bank of Commerce

Alerts & Scams

Identity theft occurs when someone uses your personally identifying information, such as your name, Social Security number, or credit or debit card number, without your permission to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
May 29, 2020: Exploiting the Coronavirus: Malicious Zoom Installer
Whether you’re working from home or trying to stay in touch with loved ones, video conferencing apps like Zoom are becoming the new normal. Cybercriminals have exploited this type of application before, but their latest scam may be the trickiest yet.

Scammers are sending out phishing emails with links to download the latest version of Zoom. When clicked, the link takes you to a third-party website–not the official Zoom site–to download an installer. If you download and run the file, the program truly does install Zoom. The trick is, the installer also places a remote access trojan (RAT) onto your computer. This RAT gives cybercriminals the ability to observe everything you do on your machine. This includes keylogging (saving what you type), recording video calls, and taking screenshots–all of which can be used to steal your sensitive information.

Don’t fall victim to this scam! Remember the following:
  • If an email directs you to install or update an application, do not click on the link in the email. Instead, go directly to the official website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
  • When using a work device, reach out to your IT department before installing any software. They can check that the application is legitimate and safe.
May 22, 2020: Exploiting the Coronavirus: Phony COVID-19 Tracking
Countries around the world are developing COVID-19 tracking applications for mobile devices. These apps use digital tracking to help identify and notify users who have been in contact with someone diagnosed with the virus. Only a handful of countries have released this kind of app to the public, but cybercriminals are already using them as inspiration for scams.
 
The bad guys are sending phishing emails and smishing attacks (phishing via text messages) claiming that you have been in contact with someone diagnosed with Coronavirus. The message insists that you get tested and it includes a link that supposedly leads to a website where you can sign up for more information. The truth is, the link takes you to a malicious website that is designed to steal any information you enter and deliver it to the bad guys. Don’t be fooled!

Remember these tips:
 
  • Never click on a link from an email or text message that you weren’t expecting–even if it appears to be from a legitimate organization.
  • Think before you click. The scammers are expecting an impulsive click.
  • Stay up-to-date on local regulations and containment efforts through official government websites and trusted news sources.
May 15, 2020: Exploiting the Coronavirus: From Unemployed to Money Mule
Due to the Coronavirus crisis, unemployment numbers have skyrocketed. As usual, the bad guys are quick to take advantage of these hard times and are sending out phony work-from-home opportunities. Typically, these phishing emails contain grammar mistakes and offer minimal details about the hiring company and the job requirements. But the scammers still manage to grab your attention because the job opportunity includes a great paycheck.
Once the offer is accepted, these scammers ease the victim into their new "job" by asking them to complete basic errands, but eventually the victim is given the task of transferring funds from one account to another. Typically, these are stolen funds and the unsuspecting "employee" is being used as a money mule. Even though these victims are unaware of the crime they are committing, they can still face hefty fines and prison time.

Remember these tips and share them with your friends and family who may be looking for work:
  • Be wary of emails with spelling or grammatical errors.
  • Never trust unusual requests or job offers. If something doesn't feel right, it probably isn't.
  • If you feel you have been solicited to be a money mule, contact your local authorities or report the situation to the appropriate federal agency.
May 8, 2020: Exploiting the Coronavirus: Netflix is More Popular Than Ever - Especially with Cybercriminals
Long before the COVID-19 pandemic, bad guys were spoofing Netflix emails in an attempt to collect your sensitive information. With more and more people looking for at-home entertainment, Netflix has gained over 15 million new subscribers. Cybercriminals are happily taking advantage of this larger audience!
Netflix-themed phishing attacks range from phony email alerts accusing you of non-payment to offers of free streaming access during the pandemic. Both of these strategies include a link that takes you to a fake Netflix page designed to gather your information and deliver it to the bad guys.

Use the following tips to stay safe:
  • These types of scams aren’t limited to Netflix. Other streaming services like Disney+ and Spotify are also being spoofed. Remember that if something seems too good to be true, it probably is.
  • Never click on a link that you weren’t expecting, even if it appears to be from a company or service you recognize.
  • When an email asks you to log in to an account or online service, log in to your account through your browser - not by clicking the link in the email. This way, you can ensure you’re logging into the real website and not a phony look-alike. 
May 1, 2020: Exploiting the Coronavirus: Smishing Violation!
Governments across the globe have created restrictions to help reduce the spread of Coronavirus. These regulations change often and vary by country, region, and city. So knowing exactly what is expected of you can be a challenge. It’s no surprise that the bad guys are taking advantage of this confusion!
 
Cybercriminals are using text messaging, or short message service (SMS), to pose as a government agency. The message says you have been seen leaving your home multiple times and as a result you are being fined. They urge you to click on their official-looking link to pay this "fine" online. If you click the link, you’ll be taken to a payment page where you can give your credit card details directly to the bad guys!
 
This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing because criminals know how to spoof their phone number to appear as though they're calling from an official source. Be careful!

Here’s how to stay safe from this smishing attack:
 
  • Think before you click. The bad guys want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
  • Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
  • Stay informed during this confusing time by following local news, government websites, and other trusted sources.
April 24, 2020: Exploiting the Coronavirus: Re-opening your organization? The bad guys have a plan!
Recently, some countries have chosen to lift restrictions that were originally put in place to control the spread of COVID-19. Beware! The bad guys are already taking advantage of this news. They have crafted a well-written phishing email that appears to come from the VP of Operations in your organization. The message claims that your organization has a plan for reopening, and it instructs you to click on a link to see this plan. Clicking the link opens what appears to be a login page for Office365, but don’t be fooled! If you enter your username and password on this page, you will actually send your sensitive credentials directly to the bad guys.
 
Here’s how to protect yourself from this clever attack:
 
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.
  • When an email asks you to log in to an account, do not click the link in the email. Instead, go directly to the website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
  • This attack tries to exploit the restlessness and uncertainty of life in quarantine. Don’t let the bad guys toy with your emotions. Think before you click.
April 17, 2020: Exploiting the Coronavirus: Fear of Infection
During this storm of COVID-19 phishing scams, the bad guys love posing as your trusted Human Resources department. One recent HR scam started with an overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a mess of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.
 
The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. Who could it be? Wasn’t Bill coughing last week? I just have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to quietly steal data through your organization’s network. Don’t be fooled!
 
Remember these tips:
 
  • Watch for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
  • Be wary of emails with spelling or grammatical errors, especially when they supposedly come from a reputable source.
  • When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.
April 10, 2020: Exploiting the Coronavirus: Is the CDC Closing Your Facility?
As the COVID-19 pandemic rages on, the bad guys find increasingly creative ways to weaken your defenses. The newest phishing trend is an email that appears to be from the CDC (Centers for Disease Control and Prevention). The email has an intense subject line: “NOTICE OF CLOSING YOUR FACILITY AND DISINFECT NG THE AREA - BY NCDC WH 20982 COV-19 Due To Recent Corona Virus COVID-19 Pandemic.”

You’re instructed to download an attachment which is supposedly a letter from the CDC claiming that they will close your facility. If you download the file, you’d find that it is actually a malicious program designed to gain access to your company’s sensitive information. Don’t be tricked!

How to beat the bad guys:
  • Think before you click. These malicious actors are playing with your emotions and this threat relies on panicked clicking.
  • Never click a link or download an attachment from an email you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
  • If you receive a suspicious email that claims to be from an official organization such as the CDC or WHO (World Health Organization), report the email to the official organization through their website.
April 3, 2020: Exploiting the Coronavirus: Fear of Infection
The newest Coronavirus-themed phishing attack may be the most ruthless yet. The cybercriminals are sending emails that appear to be from a hospital and warn that you have been exposed to the virus through contact with a colleague, friend, or family member. Attached to the email is a “pre-filled” form to download and take with you to the hospital. Don’t be fooled. The attachment is actually a sophisticated piece of malware. This threat relies on panic and fear to bypass rational thinking. Don’t give in!

Remember to stay vigilant:
  • Think before you click. The bad guys rely on impulsive clicking.
  • Never download an attachment from an email you weren’t expecting.
  • Even if the sender appears to be from a familiar organization, the email address could be spoofed.
March 27, 2020: Working From Home? Don’t Fall for This “Phony” Call
The Coronavirus Disease 2019 (COVID-19) pandemic has caused a massive shift in the number of employees who are working remotely. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams.

One scam involves cybercriminals calling you and posing as support personnel from the companies or services that your organization may be using to allow you to work remotely. Typically, the caller will try to gain your trust by stating your job title, email address, and any other information that they may have found online (or on your LinkedIn profile). Then, the caller claims that they will send you an email that includes a link that you need to click for important information. Don’t fall for this scam!

Remember the following to help protect yourself from these types of scams:
 
  • Never provide your personal information or work information over the phone unless you’re the one who initiated the call.
  • Scammers can spoof any number they’d like. Therefore, even if a call looks like it’s coming from a legitimate source, it could be a scam.
  • If you receive this type of call, hang up the phone immediately and notify the appropriate team in your organization.
March 20, 2020: Safeguard Your Personal Data During the 2020 Census Season
It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.

By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!

This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:
 
  • If you receive an email to complete the 2020 Census survey, delete it! The U.S. Census Bureau will only send the official survey notification by mail, or if your survey response is late, an official Census Bureau worker may come to your home to ensure you have received the census.
  • If a Census Bureau worker visits your home, verify that they are who they claim to be. A valid ID badge should have the worker’s photograph, a U.S. Department of Commerce watermark, and an expiration date. If you’re still unsure, call your Regional Census Center and speak with a Census Bureau representative.
  • Remember, the Census Bureau will never ask for the following: your Social Security number, your bank account or credit card numbers, anything on behalf of a political party, donations, or money. 