Automated Teller Machine (ATM) skimmers are fake card readers and cameras attached to a real ATM. Scammers can quickly read a card’s information and use it to access your account fraudulently. With a small device, your card’s information gets stored so that criminals can easily use it at a later time.

Skimmers may be installed on an ATM, resembling the machine itself. A small device goes over the normal card reading slot and reads your card’s magnetic stripe. Skimmers can also be handheld devices that a dishonest merchant can keep in his or her pocket. For example, when charging your card while you are out at dinner, for example, a scammer can run your card through a skimmer as well.

Organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the Personal Identification Number (PIN). The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. At the same time, a wireless camera may be disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries. The criminals sit nearby in a car receiving the information transmitted wirelessly from the equipment they install. The thieves copy the cards and use the PIN to withdraw thousands from many accounts in a very short time.

Tips When Using an ATM or Point-Of-Sale (POS) Terminal:

• Inspect ATMs, POS terminals and other card readers before using. Look for anything loose, crooked, damaged, or scratched. Don’t use any card reader if you notice anything unusual.
• Pull at the edges of the keypad before entering your PIN. Then, cover the keypad when you enter your PIN to prevent cameras from recording your entry.
• Use ATMs in a well-lit, indoor location, which are less vulnerable targets.
• Be alert for skimming devices in tourist areas, which are popular targets.
• Use debit and credit cards with chip technology. In the U.S., there are fewer devices that steal chip data versus magnetic strip data.
• Avoid using your debit card when you have linked accounts. Use a credit card instead.
• Contact your financial institution if the ATM doesn’t return your card after you end or cancel a transaction.
• If you see card skimming device, do not use the ATM and report it immediately to your financial institution using the phone number on the front of the ATM.

Phishing is a new twist on an old telemarketing scam, but uses e-mail. In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email (via a link within the email) or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested. These criminals send e-mails to millions of people hoping that even a few will give away valuable information such as their usernames, passwords or credit card numbers. The criminal then uses this information to steal the victim’s identity.

Examples of Phishing Messages
Examples of phishing emails, texts, or pop-ups may have messages such as:

“We suspect an unauthorized transaction has occurred on your account. To help ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

When sending these types of messages, the senders are phishing for your information so they can use it to commit fraud.

To avoid becoming the victim of a phishing scam, Bank Irvine offers the following tips:

• Do not click on links within an email unless you are sure of the sender. Many phishing emails include company logos or appear to come from government agencies, and appear legitimate. However, the links take you to a fraudulent website that has been set up to look and feel just like the legitimate site. Check the URL carefully for differences in spelling, or go directly to the known website without using the link. You may often find an alert on the legitimate site warning that a phishing email has been circulated by fraudsters.
• Never give out your personal or financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
• Do not respond to emails that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the validity of the email using a telephone number or web address you know to be genuine.
• Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves use small transactions in hopes that they will go unnoticed. These small transactions are also used to test the bank account and routing numbers for future use. Report discrepancies immediately.
• When submitting financial information online, look for the padlock or key icon at the bottom of your Internet browser. Also, most secure Internet addresses, though not all, use “https” in the URL.
• If you are a victim of an online or email crime, immediately file a report with the Internet Crime Complaint Center referenced at the bottom of this page.
• For attempted fraud that did not result in the loss of money, you should file a complaint with the Federal Trade Commission. The FTC cannot resolve individual complaints but will share your complaint with local, state, federal, and foreign law enforcement partners. Your complaint might be used to investigate cases or in a legal proceeding.
• If you believe your banking information has been disclosed, contact Bank Irvine @(949)892-1999 or Operations@BankIrvine.com immediately so we can help protect your account and your identity. Forward phishing emails portraying to be Bank Irvine, then delete the email from your system.

Remember: Legitimate businesses do not ask for sensitive information through unsecure channels.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel

A new email scam targeting taxpayers has emerged. According to the Taxpayer Advocacy Panel (TAP), taxpayers are receiving emails that appear to be from TAP about a tax refund. These emails are a phishing scam, trying to trick unsuspecting victims into providing personal and financial information. Do not respond or click the links in them. If you receive an email that appears to be from TAP regarding your personal tax information, forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests and does not have access to, any taxpayer’s personal and financial information such as Social Security and PIN numbers or passwords and similar information for credit cards, banks or other financial institutions.

IRS-Impersonation Telephone Scam

An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.

Note that the IRS will never:

1. Call to demand immediate payment, nor will the agency call about taxes owed – generally, the IRS will first mail you a bill;
2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe;
3. Require you to use a specific payment method for your taxes, such as a prepaid debit card;
4. Ask for credit or debit card numbers over the phone; or
5. Or threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but now the IRS is receiving new reports of scammers calling under the guise of verifying tax return information over the phone.

Scam artists call saying they have your tax return, and they just need to verify a few details to process your return. The scam tries to get you to give up personal information such as a Social Security number or personal financial information, such as bank numbers or credit cards.

Mortgage fraud continues to be one of the fastest-growing crimes in the United States. Traditional mortgage fraud includes situations in which consumers, lenders, brokers or real estate agents falsify information to obtain a mortgage. Consumers should never sign mortgage documents that have incomplete or inaccurate information. If you have any information regarding suspected mortgage fraud, please contact us at (949) 892-1999.

• If someone gives you a check or money order and asks you to send money somewhere in return, it’s a scam. That is not how legitimate sweepstakes operators or other companies operate. If you have really won, you will pay taxes directly to the government. Legitimate mystery shopper or account manager jobs do not involve using money transfer services to send money.
• A familiar company name doesn’t guarantee that it is legitimate. Criminals often pretend to be from well-known companies to gain a person’s trust. Find the company’s contact information independently, online or through directory assistance, and contact them yourself to verify the information.
• The check or money order may be fake even if your bank lets you have the cash. You have the right to get the cash quickly, usually within 1-2 days, but your bank cannot tell if there is a problem with the check or money order until it has gone through the processing system to the person or company that supposedly issued it. Sometimes that can take weeks. By the time the fraud is discovered, the perpetrator has pocketed the cash and left you responsible for covering the charge. When the check or money order is returned unpaid, you will have to pay the money back to your bank. You are responsible because you are in the best position to know if the person who gave it to you is trustworthy. If you don’t pay the money back, your account could be frozen or closed, and your credit may be affected. Some victims are even charged with fraud.
• Sending money using a money transfer service is like sending cash – once the perpetrator picks it up you can’t get it back from the service. It’s not like a check that you can stop after you’ve given it to someone or a credit card charge that you can dispute. However, if the money has not been picked up yet, you may be able to stop the transaction. Contact the money transfer service immediately if you think you have been scammed.

• Be suspicious of any offer made by telephone, on a website or in an email that seems too good to be true.
• Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
• Do not respond to an unsolicited e-mail that promises some benefit but requests personal identifying information.
• Beware of ‘work from home’ schemes that are offered on career websites. If they are asking you to open accounts or move money for the company, this is most likely a scam.

Malware is software designed to harm or exploit any programmable device, service or network. Cybercriminals typically use it to disrupt computer operation, gather sensitive information (e.g., financial data, healthcare records, personal emails and passwords, etc.) or gain unauthorized access to computer systems. Malware is usually distributed through malicious websites, emails and software.

Examples of malware include computer viruses, spyware, ransomware, worms, trojan horses and other malicious programs. Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Typical methods of attack: email attachments, malicious advertisements on popular sites, fake software installations, infected USB drives, infected apps, phishing emails, and even text messages.

Bank Irvine offers the following tips to help reduce the potential release of malware into your computer or network:

• Keep security patches and anti-virus signatures up to date.
• Only open email or instant message attachments that are expected and come from a trusted source.
• Have email attachments scanned by anti-virus programs prior to opening.
• Delete all unwanted messages without opening.
• Do not click on web links sent by an unknown party.
• If a person on your ‘Friends List’ is sending strange messages, files or website links, terminate your instant message session immediately.
• Scan all files with an Internet Security solution before transferring them to your system.
• Only transfer files from a well-known source.

Corporate account takeover (CAT) is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, target small and medium sized businesses to obtain access to their online banking credentials or to seize remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.

The steps of a typical Corporate Account Takeover include:

• Target victims
• Install malware
• Monitor online banking
• Collect and transmit data
• Initiate funds transfer

As a business owner, it is your responsibility to understand how to take proactive steps to avoid, or at least minimize threats.

• If possible, use a dedicated computer for financial transactional activity. The purpose of having a separate computer is to avoid general web browsing and email on this machine.
• Install host-based firewall software on all computers.
• Ensure that anti-virus/spyware software is installed, functional and updated with the most current version.
• Use the latest versions of internet browsers, such as Microsoft Edge, Firefox or Google Chrome with ‘pop-up’ blockers.
• Apply operating system and application updates (patches) regularly.
• Turn off your computer when you are away from your desk, or at least block access to your network by using the Control + Alt + Delete function.
• Review your banking transactions daily and credit report at least annually.
• Do not batch-approve transactions; be sure to review and approve each item individually.
• Educate your employees – You and your employees are the first line of defense against a corporate account takeover. A strong security program paired with employee education about warning signs, safe practices, and responses to a suspected takeover is essential to protecting your company and customers.