Where do you go for your Title and License Service or Sticker Renewals?

A few months ago, I began a series on fraud and the tricks that fraudsters are using to access your personal information, bank accounts, and your life in many specific ways. I want to address another issue that works from two possible avenues of attack. As I talked about previously, the fraudsters want you to hurry – you need to respond quickly in order to protect yourself from some transaction that needs your approval or likely, denial. Let’s look at this scenario… You receive a text message similar to this from a number that is unfamiliar to you – “This is your bank’s security department (or fraud department) and we are requesting information about your recent purchase of $1,036.27 at Walmart. If this is not your transaction, please press this embedded link or call this number.” First of all, I would suggest that you contact your bank directly. At Washington State Bank, we do have automated alerts that go out to our customers via email, but it is unlikely that any bank would send you a random link to determine whether or not you have fraudulent activity. On my credit card, the automated system will send out an alert to me for suspicious activity, but it requires a simple confirmation of me texting back Yes or No . I am not asked to click a link and allow the fraudster to have access to my phone. By contacting your bank directly, you can speak with an employee and verify the activity, if it exists at all. Perhaps another good reason to bank in a local community bank, where live employees answer the phones and communicate with you in person. I know that at Washington State Bank our employees know our customers and are more than happy to assist you in situations where you are unsure as to what is going on with your accounts. Secondarily, don’t trust a random text message, even if you think it is from a number that you recognize. As former President Ronald Reagan used to say, “Trust, but verify.” Be suspicious of texts or even phone calls that are looking for you to give information to the caller. Here are some examples of items your bank shouldn’t be asking you to give them… Your account number. The bank has your account number, why would we need you to verify that information with us. If you call the bank, the bank should verify information so that we know it is you making the call, but we don’t call you and ask for your information. Your password. The password to your online or mobile banking is for you, the bank should NEVER need this personal information. If you think that the bank needs it, you’re not speaking with the bank. Your Authentication Code. When you receive a secure code from the bank in order to log on or do business electronically, there is NEVER a time that a bank employee would need that code. Multi-Factor Authentication is securing your business and doesn’t ever need to be shared with anyone. That is why the message attached to the code will say something like this… “9021009 is your one-time authentication code. Do not share it with anyone.” Remember, the fraudsters rely upon you hurrying, they count on you being concerned and making a mistake to give them information that they need to steal your funds. It is a lot like the old magician’s trick of having you focus on one thing so much so that you forget to take care of your information. Don’t fall for it! I made some suggestions in the first part of this series that are worth repeating here. If someone calls you from a familiar place and isn’t confirming information that you already know or are waiting to hear, hang up the phone and call that place directly. • Scammers are using technology that spoofs phone numbers – the caller-id may indicate it is from your local bank or the doctor’s office. Your bank will NEVER, EVER, ask for your specific account information – we already have that information. Bank’s do not know your PIN #s for cards, that is your information and is issued specifically to you. Your bank will NEVER, EVER need to ask you for a PIN number. Be careful with your card information. Scammers are very good at talking you into giving away specific information and making it seem like they already know the information. For example – the three digit card security number on the back of your cards. The conversation will go something like this… Scammer: I know that your card ends in 1234, and your expiration date is 08/27. Would you please give me the 3-digit code in order to verify your account? Person: Sure, it is 111. Criminals have access to so much of our data, the simple process of asking you questions is to gain your trust. Please don’t fall for this trick. Please take some time to be careful and thoughtful. Be safe with your online and smartphone life, it will save you a lot of heartache and frustration. Michael Herzog President

Last month I wrote about fraud occurring through your cell phone and the dangers associated with answering that call from an unknown number. In this edition I want to focus on your other online activity with your Personal Computer, Online Banking, and all of those wonderful websites that you purchase items that you must have. Email fraud is another one of those attacks that often catch people off-guard. Spoofing of emails is a leading tool used by fraudsters and often leads to big losses for individuals. Here are three very common types of email spoofs: Display Name Spoofing: The attacker uses a trusted name with a different email address (e.g., "John Smith fakeaddress@example.com"). Domain Spoofing: The attacker forges the entire email to look like it’s coming from a legitimate domain (e.g., johnsmith@trustedcompany.com). Reply-to Spoofing: The attacker manipulates the "Reply-to" field to redirect responses to their email address. The simplest rule that I have learned to defeat email spoofing is to NEVER CLICK ANYTHING IN AN EMAIL SENT TO ME . For example, I make purchases at Amazon, Office Depot, Kohl’s and other online retailers, oftentimes, I receive confirmation from the retailer that I have made a purchase, and it includes a receipt. Many people assume that email is secure between themselves and the sender – in reality there are many programs running on the internet that are glancing at those messages and finding information. This little bit of information alerts the scammers that I do business with that company – and it also gives them my email address. So, about a couple of days later I receive an email from Customerservice@khls.com. If I’m not paying attention and only see the Kohl’s logo, I am inclined to click the link that they provided me to fix my recent purchase or to guide me to their site to steal my login information for my Kohl’s account. If you are speed reading this article – you likely missed the subtle change in the DOMAIN of the email that I received from khls.com, not kohls.com. I learned a long time ago, because I was a victim of fraud, that I no longer click any email links or open any email attachments from companies. I will simply go to the company website and login to my account in order to confirm the information that I’m being told is so very important. Remember, also, that the fraudsters rely upon rushing you into a rapid response to their email or phone message. IF YOU HURRY – YOU’LL BE SORRY… Let me give you a few quick suggestions on dealing with email and keeping yourself safe with your home computer. Use a Secure and Reputable Email Provider: Choose an email provider like Gmail, Outlook, or Yahoo that offers robust built-in security features, including SPF, DKIM, and DMARC protection. Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your email account by enabling MFA. This requires a second verification step (like a text message or authentication app) to access your account. Recognize Spoofed Emails: Be cautious with emails that: a. Urge immediate action or sound too good to be true. b. Contain spelling errors or unusual language. c. Have suspicious links or attachments. d. Hover over links to see the actual URL before clicking. 4. Keep Your System Updated a. Regularly update your operating system, browser, and email client to protect against known vulnerabilities. b. Use antivirus software to scan for malware that may arrive via email attachments. If you follow the simple rules, you can avoid being taken advantage of by the myriads of scams that appear in your email Inbox on a daily basis – sometimes multiple times per day. Take some time to sign up for an ID Theft program to have an extra set of eyes for your online health. We offer a great product at Washington State Bank called ID Theftsmart – it is an inexpensive way to protect your financial life. There are many good companies that provide similar services, and I would strongly encourage you to take advantage of the offerings before you fall victim to identity theft or fraud. One last suggestion…use a Credit Card for all of your online activity. It adds one more layer of protection away from your personal banking accounts that are accessed via your debit card. There is much lower risk to your financial health in using a credit card for your purchases. All the best as you keep yourself safe from all of the bad actors out on the internet and your email inbox. Michael Herzog President