Skip Navigation Download Acrobat Reader 5.0 or higher to view .pdf files.
Merchants Bank of Commerce
 

Alerts & Scams

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, credit or debit card number, without your permission, to commit fraud or other crimes. Identity theft can happen to anyone, but there are steps you can take to minimize your risk of becoming a victim.
Scam of the Week - The information provided below belongs to and is provided by KnowBe4 and is intended for informational purposes only.
February 7, 2020: Coronavirus Phishing Attacks
The global threat of the coronavirus has everyone’s attention, and the cybercriminals are already taking advantage of it. The bad guys are using the coronavirus as clickbait so they can spread malware and steal your personal information.

They’ve crafted their phishing emails to look like they’re coming from health officials such as doctors or national agencies, such as the Center for Disease Control and Prevention. Some of these emails suggest clicking a link to view information about “new coronavirus cases around your city”. Other emails suggest downloading the attached PDF file to “learn about safety measures you can take against spreading the virus”. Don’t fall for it! If you click the phishing link, you’re brought to a webpage that is designed to steal your personal information. If you download the PDF file, your computer will be infected with malware.

Always remember: Never click on a link or download an attachment that you weren’t expecting. Because of the alarming subject matter, the bad guys expect you to click or download without thinking. STAY ALERT! Don’t be a victim.
 
January 31, 2020: Goodbye Windows 7, Hello Social Engineering Scams
Recently, Microsoft announced they will no longer be supporting their Windows 7 operating system. This means there will be no further updates to Windows 7. The bad guys are using this situation to their advantage. They will randomly contact you by phone, emails, or pop-ups and try to convince you to pay yearly fees, or they’ll insist that they need remote access to your computer so they can install “necessary” software. You’ll lose your money if you mistakenly pay the fake fees, but if you grant the scammers access to your computer, your personal information and identity are at risk.

Follow the tips below to help protect yourself from these types of scams:
 
  • Microsoft support does not call customers. If anyone calls you and claims that they are from Microsoft, this is a big red flag. Hang up the phone and ignore the request. If you want to speak with a legitimate customer support agent, go to Microsoft’s website and find the company’s customer support phone number.
  • If a computer pop-up urgently claims that your computer needs an update to it’s version of Windows 7...don’t fall for it! The bad guys add flashy pop-ups to websites to trick you into thinking your computer is at risk. Do not click on the pop-up or call any numbers that are listed. This is a scam!
  • Do not share your credit or debit card information with anyone that calls you. Never use a debit card to make online purchases, and only give someone your credit card data when you have initiated the phone call and you’re sure the number is valid.
January 24, 2020: Cybercriminals Are Using Microsoft’s Sway Application in Phishing Scams

Most business environments trust the Microsoft brand and the bad guys often use this to their advantage. Now, they’ve figured out how they can use Microsoft’s Sway application to steal your login details. Sway is used to create online presentations that are hosted on Microsoft-owned domains that you can share with anyone by sending a link.

The phishing attack typically starts with an email that is disguised as a “New Fax Received” or “New Voicemail” notification. You’re instructed to click a link in the email to view the message. If you click the link you’re brought to a fake Microsoft login page that looks just like the real thing. Even the web address looks legitimate! That’s because the login page is actually a presentation that was created with the Sway application. If you mistakenly enter your login details here, the criminals will steal this information and your account will be at risk.

Remember the following to protect yourself from these types of attacks:

  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from a person of an organization that you’re familiar with, the sender’s email address could be spoofed.
  • Whenever you need to log in to an account or online service that you use, always navigate to the login page yourself using your browser, rather than clicking on links in an email.
  • Get familiar with the format of your fax and voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
January 17, 2020: Watch Out for “Free Gift” Scams
Watch out! Cybercriminals are posing as a mail carrier company that claims to have a “free gift” waiting for you.

They start by sending a shipment notification email. The email includes a tracking code and other details about your package. If you click on the link in the email and enter your tracking code into this webpage, you’re told that the package has arrived in your country but you must pay a very small delivery fee before you can claim it. If you fall for this offer and enter your payment details, your financial information is stolen and your “free gift” is never mentioned again.

Here are a few reminders to help protect yourself from scams like this:
 
  • Beware of free gifts. If it sounds too good to be true, it probably is. Delete suspicious emails or follow the reporting procedures put in place by your organization.
  • Be cautious of courier emails. Delivery notification emails are often used in phishing attacks. Even if the email appears to be from a familiar organization, reach out to the sender directly (by phone) to get a trustworthy tracking number.
  • “HTTPS” does not equal “secure”. These days, many cybercriminals are using “HTTPS” websites for their scams because most people look for a padlock in the address bar. However, the padlock does not guarantee that you’re on a legitimate website, it only means that you’re on a website that has obtained an HTTPS certificate.
  • Don’t click. Never click on links or download attachments from emails you weren’t expecting–even if it appears to be from a legitimate organization.
January 10, 2020: Post-Holiday Shopping Scam
The holiday season has come and gone, but the bad guys are here to stay. Scammers are still using holiday shopping deals to lure you in. They’re posing as popular retailers and sending dangerous emails and text messages that tell you to claim the reward points that you’ve supposedly earned with your holiday purchases.

The bad guys use logos and company colors to make the emails and text messages look legitimate. Don’t fall for it! If you click the phishing links in these emails or text messages, you are actually downloading malware to your computer or phone. This malware allows the criminals to gain access to your device; therefore, leaving your personal information at risk.

Always remember: Never click on a link that you weren’t expecting. If you receive an email from a retailer or service that you use, log in to your account through your browser (not through links in the email) to make sure it’s valid.
 
January 3, 2020: PayPal “Unusual Activity” Phishing Scam

The bad guys are trying to steal your personal and financial information again. Their latest scam is a phishing email that appears to come from your PayPal account.

Here’s how it works:
1. The phishing email claims that an unknown device has accessed your PayPal account, and to protect your account and your money, you have to “verify your identity” by clicking a link and following verification steps.
2. After clicking the link, you’re brought to a webpage that instructs you to complete a CAPTCHA prompt, where you must enter a code and then click a button to continue “securing your account”.
3. Finally, you’re brought to a fake PayPal login page to enter your PayPal login credentials. If you enter your credentials, you’re then instructed to submit personal and financial details, and even the login information for your email account.

If you submit your login credentials or personal information, your PayPal account can now be taken over by the bad guys, and your account and personal data are at risk.
Remember these tips to keep your PayPal account–and other online accounts–safe:
  • Never click on links in an email you weren’t expecting.
  • When you receive an email asking you to log in to an account or online service that you use, log in to your account through your browser–not through links in the email. This way, you can ensure you’re logging in to the real website.
  • Do not reuse passwords. If you use the same password for different accounts and one gets hacked, they all are.
December 27, 2019: That Free “Star Wars: The Rise of Skywalker” Download You Found Online? It’s a Scam!
If you’re looking to stream or download blockbuster movies when they’re still in theaters, you probably shouldn’t. Why not? Well, first and foremost, this is called piracy and it is illegal. Secondly, any “free downloads” you do find will likely be a scam.

Following the release of the newest movie in the Star Wars saga, cyber scammers are creating fake websites and social media accounts that appear to be affiliated with the official film franchise. The sites and social media accounts offer free streams or downloads of the blockbuster film–all you have to do is sign up for an account. Don’t fall for it! If you enter your credit card details during account setup, this information will be stolen and your “free download” will actually be malicious malware.

These criminals have managed to get their dangerous websites to show as a top result in popular search engines, and they use social media to spread their “free download” links all across the web. Always remember the following to keep yourself safe from these scams:
  • Never download anything from an unfamiliar or questionable website. Especially if the download could be stolen and, therefore, illegal material.
  • Never give information to a website you can’t trust. Even if you don’t enter credit card data, simply creating an account makes your email address more vulnerable to future scams–especially phishing attacks.
  • Never click on an unexpected or suspicious link. If it seems too good to be true, it probably is!
December 20, 2019: Office 365 “New Voicemail” Attack
Due to its popularity, Microsoft’s Office 365 is often spoofed in phishing attacks. Recently, the bad guys are trying a new angle in their Office 365 phishing emails. They're sending what appears to be "New Voicemail" email notifications. The emails look legitimate, with the help of a Microsoft or Office 365 logo and details about the fake voicemail, such as the caller’s phone number and the length of the message. To increase their chances of success, the bad guys are using two different emails:
 
1. One email includes a fake play button with a link that you’re instructed to click on to listen to your message.
2. The other email includes an HTML attachment that you’re instructed to open to listen to your message.
 
If you click on the phishing link or open the HTML attachment, you’ll be redirected to a fake login page that appears to be the Microsoft Office 365 login portal. If you mistakenly enter your credentials here, they’ll be immediately stolen.

Remember the following to protect yourself from these types of attacks:
 
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from a person of an organization that you’re familiar with, the sender’s email address could be spoofed.
  • If you’re already logged into your email account, you shouldn’t be prompted to log in again, this is a red flag. Before you enter sensitive information on any page, check the domain name. Make sure that the website you are on is correctly spelled and not mimicking a well known brand or company.
  • Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
 
 
 

Lost your ATM/Debit card? We can help.