Happy New Year
As I was taking some time to reflect upon all that has happened in my life and the world around me during 2024, I thought of these words from Scripture found in Isaiah 9:6 – “For a child is born to us, a son is given to us. The government will rest on his shoulders. And he will be called: Wonderful Counselor, Mighty God, Everlasting Father, Prince of Peace.”
My wife and I welcomed three new grandchildren into our lives during 2024, two of our sons are now parents and “wow!” what a ride this has been so far! I always thought that I was protective of my own children, and yet, I find myself even more concerned for the well-being of my grandchildren – looking around our current world, I’m guessing you are experiencing some of the same feelings as we turn the page on 2025.
One of the biggest things I have found true is the cost of everything from diapers to formula to toys and books has gone up quite a bit over the last number of years; frankly, I was shocked at the cost of a package of diapers! I have always tried to keep a close eye on my personal finances and watch those pennies to avoid over-spending, but once again, it isn’t just about my own spending, it’s also about keeping a close eye on who else might be trying to “spend” my money.
Nope, not talking about my wife or others in my home – I’m talking about those fraudsters that are hard at work trying to pad their own financial picture at my expense. As we step into this new year with hope and excitement, it’s also a great time to protect what matters most — our personal information. Identity theft is a growing concern, but by staying vigilant and informed, we can safeguard ourselves.
Here are a few simple tips to help prevent identity theft in 2025:
- Monitor Your Accounts: Regularly check your bank and credit card statements for any suspicious activity. Very important to check the statement if you are needing to prove fraud.
- Use Strong Passwords: Create unique and strong passwords for each of your online accounts. Passphrases are also helpful and easy to remember – ie. “Fall is my favorite time of year” – the more characters that you can use, the better.
- Shred Personal Documents: Shred any sensitive papers before discarding them to avoid dumpster divers. Washington State Bank will be hosting another shred day this spring for your larger projects.
- Enable Two-Factor Authentication: Secure your accounts with an extra layer of protection. This is most commonly established by a text message to your phone or adding an authenticator from Google, Microsoft, etc – that produce a login code for you.
- Stay Wary of Phishing Scams: Always verify sources before sharing personal or financial information online. When your bank sends you a code and it has the following message: WE WILL NEVER ASK FOR THIS CODE, please take that seriously – no one from a financial institution needs to have access to your online banking.
To revisit my opening paragraph. Isaiah was writing about the coming Messiah – the child will establish a new, eternal government – He shall be called Wonderful Counselor, Everlasting Father, and Prince of Peace. Remember that He called us to be wise as serpents and gentle as doves – Part of wisdom is protecting yourself and your home from these various “serpents” looking to steal what you are working for in this life. Protect yourself and reap the benefits of peace in your homes. Don’t be a victim of identity theft in the new year or any year for that matter!
Let’s start 2025 with a plan to stay vigilant in our finances and prosperous in our lives! I look forward to sharing more of this new grandparent journey with you over the next year – and more ideas on making the financial parts of your lives work to your benefit! May God bless each of you as we begin the New Year of 2025!
Michael Herzog
President
A few months ago, I began a series on fraud and the tricks that fraudsters are using to access your personal information, bank accounts, and your life in many specific ways. I want to address another issue that works from two possible avenues of attack. As I talked about previously, the fraudsters want you to hurry – you need to respond quickly in order to protect yourself from some transaction that needs your approval or likely, denial. Let’s look at this scenario… You receive a text message similar to this from a number that is unfamiliar to you – “This is your bank’s security department (or fraud department) and we are requesting information about your recent purchase of $1,036.27 at Walmart. If this is not your transaction, please press this embedded link or call this number.” First of all, I would suggest that you contact your bank directly. At Washington State Bank, we do have automated alerts that go out to our customers via email, but it is unlikely that any bank would send you a random link to determine whether or not you have fraudulent activity. On my credit card, the automated system will send out an alert to me for suspicious activity, but it requires a simple confirmation of me texting back Yes or No . I am not asked to click a link and allow the fraudster to have access to my phone. By contacting your bank directly, you can speak with an employee and verify the activity, if it exists at all. Perhaps another good reason to bank in a local community bank, where live employees answer the phones and communicate with you in person. I know that at Washington State Bank our employees know our customers and are more than happy to assist you in situations where you are unsure as to what is going on with your accounts. Secondarily, don’t trust a random text message, even if you think it is from a number that you recognize. As former President Ronald Reagan used to say, “Trust, but verify.” Be suspicious of texts or even phone calls that are looking for you to give information to the caller. Here are some examples of items your bank shouldn’t be asking you to give them… Your account number. The bank has your account number, why would we need you to verify that information with us. If you call the bank, the bank should verify information so that we know it is you making the call, but we don’t call you and ask for your information. Your password. The password to your online or mobile banking is for you, the bank should NEVER need this personal information. If you think that the bank needs it, you’re not speaking with the bank. Your Authentication Code. When you receive a secure code from the bank in order to log on or do business electronically, there is NEVER a time that a bank employee would need that code. Multi-Factor Authentication is securing your business and doesn’t ever need to be shared with anyone. That is why the message attached to the code will say something like this… “9021009 is your one-time authentication code. Do not share it with anyone.” Remember, the fraudsters rely upon you hurrying, they count on you being concerned and making a mistake to give them information that they need to steal your funds. It is a lot like the old magician’s trick of having you focus on one thing so much so that you forget to take care of your information. Don’t fall for it! I made some suggestions in the first part of this series that are worth repeating here. If someone calls you from a familiar place and isn’t confirming information that you already know or are waiting to hear, hang up the phone and call that place directly. • Scammers are using technology that spoofs phone numbers – the caller-id may indicate it is from your local bank or the doctor’s office. Your bank will NEVER, EVER, ask for your specific account information – we already have that information. Bank’s do not know your PIN #s for cards, that is your information and is issued specifically to you. Your bank will NEVER, EVER need to ask you for a PIN number. Be careful with your card information. Scammers are very good at talking you into giving away specific information and making it seem like they already know the information. For example – the three digit card security number on the back of your cards. The conversation will go something like this… Scammer: I know that your card ends in 1234, and your expiration date is 08/27. Would you please give me the 3-digit code in order to verify your account? Person: Sure, it is 111. Criminals have access to so much of our data, the simple process of asking you questions is to gain your trust. Please don’t fall for this trick. Please take some time to be careful and thoughtful. Be safe with your online and smartphone life, it will save you a lot of heartache and frustration. Michael Herzog President
Last month I wrote about fraud occurring through your cell phone and the dangers associated with answering that call from an unknown number. In this edition I want to focus on your other online activity with your Personal Computer, Online Banking, and all of those wonderful websites that you purchase items that you must have. Email fraud is another one of those attacks that often catch people off-guard. Spoofing of emails is a leading tool used by fraudsters and often leads to big losses for individuals. Here are three very common types of email spoofs: Display Name Spoofing: The attacker uses a trusted name with a different email address (e.g., "John Smith fakeaddress@example.com"). Domain Spoofing: The attacker forges the entire email to look like it’s coming from a legitimate domain (e.g., johnsmith@trustedcompany.com). Reply-to Spoofing: The attacker manipulates the "Reply-to" field to redirect responses to their email address. The simplest rule that I have learned to defeat email spoofing is to NEVER CLICK ANYTHING IN AN EMAIL SENT TO ME . For example, I make purchases at Amazon, Office Depot, Kohl’s and other online retailers, oftentimes, I receive confirmation from the retailer that I have made a purchase, and it includes a receipt. Many people assume that email is secure between themselves and the sender – in reality there are many programs running on the internet that are glancing at those messages and finding information. This little bit of information alerts the scammers that I do business with that company – and it also gives them my email address. So, about a couple of days later I receive an email from Customerservice@khls.com. If I’m not paying attention and only see the Kohl’s logo, I am inclined to click the link that they provided me to fix my recent purchase or to guide me to their site to steal my login information for my Kohl’s account. If you are speed reading this article – you likely missed the subtle change in the DOMAIN of the email that I received from khls.com, not kohls.com. I learned a long time ago, because I was a victim of fraud, that I no longer click any email links or open any email attachments from companies. I will simply go to the company website and login to my account in order to confirm the information that I’m being told is so very important. Remember, also, that the fraudsters rely upon rushing you into a rapid response to their email or phone message. IF YOU HURRY – YOU’LL BE SORRY… Let me give you a few quick suggestions on dealing with email and keeping yourself safe with your home computer. Use a Secure and Reputable Email Provider: Choose an email provider like Gmail, Outlook, or Yahoo that offers robust built-in security features, including SPF, DKIM, and DMARC protection. Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your email account by enabling MFA. This requires a second verification step (like a text message or authentication app) to access your account. Recognize Spoofed Emails: Be cautious with emails that: a. Urge immediate action or sound too good to be true. b. Contain spelling errors or unusual language. c. Have suspicious links or attachments. d. Hover over links to see the actual URL before clicking. 4. Keep Your System Updated a. Regularly update your operating system, browser, and email client to protect against known vulnerabilities. b. Use antivirus software to scan for malware that may arrive via email attachments. If you follow the simple rules, you can avoid being taken advantage of by the myriads of scams that appear in your email Inbox on a daily basis – sometimes multiple times per day. Take some time to sign up for an ID Theft program to have an extra set of eyes for your online health. We offer a great product at Washington State Bank called ID Theftsmart – it is an inexpensive way to protect your financial life. There are many good companies that provide similar services, and I would strongly encourage you to take advantage of the offerings before you fall victim to identity theft or fraud. One last suggestion…use a Credit Card for all of your online activity. It adds one more layer of protection away from your personal banking accounts that are accessed via your debit card. There is much lower risk to your financial health in using a credit card for your purchases. All the best as you keep yourself safe from all of the bad actors out on the internet and your email inbox. Michael Herzog President
Every single day the fraudsters are looking for ways to infiltrate your defenses and to take advantage of your weakness. Think for a moment about all of the SPAM phone calls that you receive – the kind that block their numbers from caller-id, the kind that come up on your caller-id as a “local” number, the kinds of calls that you are unsure as to whether you should even answer the phone. Allow me to make a simple suggestion. IF YOU DON’T RECOGNIZE THE NUMBER – DON’T ANSWER THE CALL! A legitimate caller will leave you a voice message. A legitimate caller won’t keep calling your phone. A legitimate caller doesn’t make multiple calls in a row without leaving a message. I hear customers say things like the following: I didn’t want to miss a call from my doctor or healthcare provider. I was sure that the number was someone that I knew. The caller-id said that it was a federal agency (FBI, DHS, FTC). The same caller was on my phone 2 or 3 times in an hour. The biggest danger that we face is in answering the phone and beginning a conversation with a potential scammer. Trust me when I say, the person that is calling you is well-rehearsed, extremely convincing, and they will immediately make you feel that you must do something right now to help them or to remove yourself from the trouble they suggest you are involved in. Scammers utilize an appeal to authority and time pressure to make you afraid. They use this fear to get you to do what they ask of you. They will tell you a story about unclaimed property, or cash prizes, or even that you are helping law enforcement with an investigation of your bank. All of these stories are false, but they have just enough truth and a lot of correct sounding jargon to make you believe that you are doing something good that will benefit you. They may even send you to the bank and ask you to keep them on the phone, telling you that the bank employees are going to suggest that you are involved with a fraud – that’s all part of their hook. Finally, the scammer will ask you to buy Pre-Paid gift cards after withdrawing cash from your bank – and to reveal the numbers on the back of the card to them. IF YOU DO THIS – YOUR MONEY WILL BE GONE! There is no Identity Theft Protection that will keep you from doing this on your own. Please take the time to think through answering your phone. I have an old friend who used to say, “I have a phone for my convenience, I don’t answer the phone unless I know who is calling me.” Allow me to make some simple suggestions that may very well keep you safe from the myriad of scammers… If someone calls you from a familiar place and isn’t confirming information that you already know or are waiting to hear, hang up the phone and call that place directly. · Scammers are using technology that spoofs phone numbers – the caller-id may indicate it is from your local bank or the doctor’s office. Your bank will NEVER, EVER, ask for your specific account information – we already have that information. Bank’s do not know your PIN #s for cards, that is your information and is issued specifically to you. Your bank will NEVER, EVER need to ask you for a PIN number. Be careful with your card information. Scammers are very good at talking you into giving away specific information and making it seem like they already know the information. · For example – the three digit card security number on the back of your cards. The conversation will go something like this… · Scammer: I know that your card ends in 1234, and your expiration date is 08/27. Would you please give me the 3-digit code in order to verify your account? · Person: Sure, it is 111. Criminals have access to so much of our data, the simple process of asking you questions is to gain your trust. Please don’t fall for this trick. In closing this piece. Remember the old rule, “If it sounds to good to be true, it probably is.” Even the biggest prize company in the world – Publisher’s Clearing House states that they will never call you, email you, send mail to you – they will show up at your home when you are the winner. No legitimate organization needs you to send them money in order to investigate another organization. All of these people are attempting to take advantage of you and steal your money. And sadly, once you withdraw cash and give it to them – IT IS GONE FOREVER! Please be safe in this increasingly dangerous world. Michael Herzog President
