Alerts

Knowledge is protection. Machias Savings Bank is committed to helping you combat fraud by raising awareness and sharing best practices. Below you will find summaries of on-going fraud schemes along with tips and recommendations.

Card Deactivation Scams
Phishing Scams
Vishing Scams
Smishing Scams
Visa/MasterCard Telephone Scam
Fraudulent Letter - Fake Check Scam 
Fake Check Scams
Social Networking and Identity Theft

Card Deactivation Scam

Many people are receiving a variation of the following message:
Irregular activity has been detected on your ATM/Check Card. For your protection, future authorizations have been suspended, and your card has been deactivated. To re-activate your ATM/Check Card, call the (24 hour) Activation Center: (xxx) xxx-xxxx.  

Tips:

• This is a scam. You should delete and ignore the message.
• Do not respond to the message or call the number.

Important note: This Card Deactivation Scam is different from the Machias Savings Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a fraud specialist to contact you after a possible suspicious transaction, they will simply ask you to verify a specific recent purchase. 

They will never ask for your PIN number or any other account information. You will not be told your card has been deactivated.

Click the Fraud Prevention tab above to learn more.

Back to Top 

Phishing Scams

"Phishing" is the act of sending an e-mail or pop-up advertisement that claims to be from a legitimate business or organization that you deal with. Scam artists recreate pages using information from legitimate web sites in hopes of fooling consumers into providing their personal information.
 
The e-mail or pop-up will ask you to "update" or "validate" your account information, passwords, logins, and will make some form of urgent appeal so that you will respond quickly. The e-mail or pop-up may appear to be from a trusted source and may direct you to a fraudulent web site.
Some consumers mistakenly submit financial and personal information and the "phishers" use it to gain access to financial records or accounts, commit identity theft or engage in illegal acts.

 Recognizing "Phishing"

It may not always be easy to recognize fraud emails or pop-ups but there are some precautions:
 
Urgent Emails
Watch out for e-mails with links, attachments or pop-ups that state an urgent reply is needed or your account may be closed.
 
General Greetings
Watch out for e-mails or pop-ups that provide a general greeting and don't identify you by name.
 
Typos and Errors
Fraudulent e-mails or pop-ups may have typographical or grammatical errors. Watch out for poor visual and design quality.

Back to Top 

Vishing Scams

Vishing, a term coined from combining “voice” and “phishing”, exploits the public’s trust in landline and cell phone telephone services.

Similar to phishing, the fraudster sends an e-mail indicating the recipient’s bank needs to update certain information. The e-mail cunningly references phishing and identity theft. The twist comes when “for security purposes” the individual is directed to call “one of our personal bankers” at a provided toll free number.  When the individual calls, thinking they are updating the information on their accounts, they actually provide their private information directly to the fraudster.

Vishing is typically used to steal debit and credit card numbers or other information used in identity theft schemes. It is very hard for legal authorities to monitor or trace Vishing.

Tips:

• Be highly suspicious when receiving messages directing you to call and provide card or bank account numbers.
• Contact your bank or credit card company directly to verify the validity of the message. Note: do not use telephone numbers provided to you via the e-mail or phone call. Look up the number yourself via an online directory or telephone book.

Back to Top 

Smishing Scams

Smishing is derived from combining SMS (protocol used to transmit text messages via cell phones) and the more familiar “phishing”.

Almost identical to the phishing scam which uses e-mail, this new tactic exploits mobile banking. The fraudster, disguised as a financial institution, sends a text message requesting personal information such as account numbers or passwords.

Alternately, some messages warn the consumer will be charged unless they take action to cancel
a supposed order by going to a specific web site. When visited, the site downloads a “Trojan horse” that then steals credit card numbers and other private information.

Some of the new smishing techniques include mobile spyware that once downloaded to a phone can eavesdrop on conversations.

Tip:
Treat your cell phone with the same level of concern you apply to your computer.

Back to Top

Visa/MasterCard Telephone Scam

In this telephone scam currently sweeping the country, fraudsters try to get you to divulge your secure debit or credit card information. The typical scam works like this:

A very professional-sounding individual calls, offers their name and badge number etc. and claims to be from the security department of your credit card company. They tell you your card has been "flagged for an unusual purchase pattern"; you are asked to verify you made a purchase for "$000.00" at  "XYZ" company. When you say, "no" you did not make that purchase, they may confide they have been watching this company — but they will take immediate steps to ensure you are credited this amount before your next statement. You may even be given a confirmation number to use when calling to check the status of this fraud claim.

Making it an even more believable scenario, the caller has your address, which you are asked to verify. You are not asked for the number on the front of your card, in fact the crook may read that off to you as well, furthering your belief that you are dealing with a legitimate Visa or MasterCard staff member.

In this fraud, the target data is the three digit security code (CVC2 or CVV2 codes) found on the back of your card. After getting their hands on credit card numbers (often through dumpster-diving for discarded receipts or statements) all the identity thieves need to charge purchases to your account via the telephone or Internet is this last piece of information.

This scam is not new — it's been exploited since MasterCard started putting CVC2 security codes on its cards in 1997 (Visa started using CVV2 codes in 2001). Both companies strongly stress they will not ask a cardholder to disclose security codes or provide any information verifying physical possession of a card.

Tips: If you are asked to provide any number information, hang up and call the telephone number on the back or your credit card — or call your banker for assistance.

Important note: This credit card scam is different from the Machias Savings Bank practice of protecting you from unauthorized use of your ATM/debit card. When we authorize a fraud specialist to contact you after a possibly suspicious transaction, they will simply ask you to verify a specific recent purchase.  

Back to Top

Fraudulent Letter - Fake Check Scam

Claiming to represent the American Bankers Association (ABA), fraudsters are distributing letters instructing people to call a phone number to find out how to collect a prize. When called they trick the individual into revealing personal financial information.

Fraudulent sweepstakes are just one of many scams aimed at stealing personal information. Identity thieves have posed as representatives of banks, Internet service providers, and government agencies to get people to reveal their Social Security Number, mother's maiden name, account numbers, and other identifying information.

Tips: Be cautious about providing personal or financial information to anyone you do not know. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact, and are sure you know with whom you are dealing.

Note: Machias Savings Bank will never ask for private information by email or unsecured website.

Many of the fake ABA prize letters also contain fraudulent checks.

Tips: One way to confirm you are dealing with a legitimate organization is to check their website — however it’s important to type its URL in the address line yourself. Do not cut and paste it from a message sent to you, which can be altered to redirect you to an unsafe site.

Back to Top

Fake Check Scams

Millions of consumers are being tricked into accepting genuine-looking checks and money orders and wiring money to fraudsters.

Common fake check scams:

1. Sweepstake, lottery and grant fraud. Individual receives a check or money order with instructions to wire a portion to pay taxes or administrative fees.
2. “Work-from-home”. “Employee” processes payments for a foreign business with instructions to deduct their pay from a check or money order and wire the rest to their “employer”.
3. Overpayment. Scammer sends a check or money order for more than the amount for something the individual has for sale, with instructions to wire the extra to someone for shipping.

The checks or money orders are fake. You’re out the money.

Per federal law, financial institutions must give consumers timely access to money from deposited checks or money orders. Although funds are made available, that does not guarantee the deposited check or money order is good. The depositor is liable for repaying the financial institution if checks or money orders cashed or deposited are counterfeit. 

Tips:

• No legitimate sweepstakes or lottery would send you a check or money order and ask you to send payment in return. Taxes are always paid directly to the government.
• Do not pay for grants claiming to be from the government or foundations; grants do not charge. Most require an extensive application process and are awarded to organizations, not individuals.
• Never cash checks and send the money somewhere as part of a job working from home. Legitimate employers do not operate that way.
• Never wire money to anyone you have not met in person and known for a long time. Verify identification.
• If suspicious, consult your state or local consumer protection agency, the Federal Trade Commission, Postal Inspection Service, or other trusted source. Go to www.fakechecks.org to learn more.

Back to Top 

Social Networking and Identity Theft

Online social networking can be a great way to exchange ideas, information, photos and games — but remember, putting your personal information online comes with risks.

The more information you provide about yourself online, including posts and live chats on social networking sites, the easier it is for people to use these details to commit fraud.

Your best protection:
Do not reveal too much information in your social networking. Control who can access your online information.

Tips:

• Do not include email addresses or phone numbers in your profiles.
• Keep your address and physical location private. Beware of publishing photos containing street-names, car license plates, or locations you frequent that can be linked to you.
• Read the terms and conditions before you sign up to any social networking sites. Know who can access your information. Check security and privacy settings; keep them up-to-date.
• The best passwords are at least eight to ten characters long and use a combination of upper and lower case letters, plus numbers and symbols.

Social networking sites build themselves on a culture of trust. Do not get caught up in the moment. Always think before you respond. Keep your personal information safe.

Back to Top 

Business Alerts

We are committed to providing you with information to help protect your business from falling victim to an ever increasing variety of scams. We continue to be vigilant and your security is of utmost importance to Machias Savings Bank. Below are listed some known threats to your information and assets. Feel free to contact us for more information or what you can do to further protect your business.

Money Mule Scheme
Commercial Account Scam 

ABA Alert: Malware and Money Mule Scheme

The American Bankers Association warns of an increase in fraudulent schemes involving malware attached to victims' computers, along with the recruitment of individuals to receive and transmit unauthorized funds.

How the scam works.
The scam attacks two different victims:

1. Using malware*, the cyber-crook intercepts online banking credentials from the computers of small and mid-size businesses. Having gained unauthorized access to the business' online deposit account, the crook then initiates wire transfers to "money mules" around the country. The criminals target online deposit accounts where business customers can originate electronic funds transfers (EFTs) such as automated clearing house (ACH) and wire transfers over the Internet.
   
   *Malware is malicious software or computer code that is installed on your computer; it collects sensitive information such as passwords or banking details, sending it back to people who use it to carry out fraud.
2. Individuals are tricked into acting as a "money mule**" for the fraudsters, unknowingly laundering cash stolen from the above victim's business bank account. This second victim is tricked into using deposit accounts to receive the unauthorized (EFTs) and forwarding the funds overseas to criminals.
   
   **Money mules are consumers who have been lured into scams that involve them receiving money transfers and forwarding the funds to a fraudster.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them to another party via another EFT. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected.

Common scenarios:

• Online job posting sites are often used by criminals to locate and trick individuals seeking flexible hours and work from home employment. The "employee" may be asked to process payments for a foreign business, or act as a mystery shopper assessing business' services by completing EFTs
• Advance fee scams promise monetary rewards for acting as a financial intermediary
• Fraudsters also use imaginative stories to befriend individuals on social networking sites to receive and forward stolen funds 

How can you avoid becoming involved in these scams?

• Do not open attachments or click on links in unsolicited emails.
• Be wary of unsolicited offers or opportunities offering easy money — particularly if the company is based overseas. Remember the old adage: if it sounds too good to be true...it probably is! Verify any potential employer  — and never give out bank account details to someone you don't know or trust. Watch for red flags in the advertisement/emails, such as grammatical and spelling errors.

Tips: Anyone who is concerned that they have erroneously disclosed their personal financial details or has received funds into their accounts that they think could be a money mule scam should contact their banker immediately.

Back to Top

Commercial Account Scam

One of the greatest risks to our customers in today’s banking environment is a fraud loss connected with accepting a counterfeit check in a scam. These scams originated years ago, many in Nigeria, and were directed primarily to individuals. They have evolved considerably and are on the increase.

Recently, businesses being targeted are those attempting to sell something over the Internet. We’ve seen a surge in fraud aimed at businesses that have large dollar equipment for sale over the Internet.

Businesses will typically be dealing with a client they have not met personally. Those conducting dealings outside the United States are more susceptible.

Tips:

• Exercise caution when selling over the Internet. Scammers ask for wire instructions so they can wire the money to your bank. This means providing your bank account number. Do not give out your bank account number and routing number until you are certain that the sale is legitimate.
• If you want to give wire instructions, contact your banker. He/she will give you a wire holding number to which the wire can be sent.
• If the person sends you a check, look carefully at the physical check. Is it coming from the company or person that you were corresponding with in your emails? If not, determine on what bank the check is drawn and research a phone number for that bank using a standard or online telephone directory. Do not rely on the telephone number listed on the check. Call the number listed in the telephone directory and ask to verify the check.
• If you are concerned and unable to verify the check, Machias Savings Bank’s security department may be able to help determine if this is a legitimate check.
• Much of the time, instead of the promised wire you will receive a check. It may be mailed to the bank for deposit into your account or it may be sent to you directly. This check will typically be for a greater amount than you were expecting. If your “potential client” makes the request to have the excess amount wired to them, stop! This is where the monetary loss to the customer typically happens.
• Always check with Machias Savings Bank to see if the check deposited has cleared and if the funds are available.
• The scammer will show interest in your item, indicating they want to buy it with some investigation. This may be a scam. If they offer to wire you the funds so you can pay for their inspector to conduct the inspection, be alert.  If they arrange for the inspector, they should pay for the inspection directly; there is no need to wire you the funds.

Back to Top 

Fraud Prevention 

eStatements

You want the safest, most reliable process for accessing your financial information. eStatements (electronic statements) allow you to view and reconcile your accounts more quickly. You’re in total control — you say where; you say when. Intercepting or rerouting your mail is a common fraud tactic. eStatements eliminate the worry of lost or stolen statements.

To sign up to receive your account statements electronically instead of the traditional paper statement, simply login to MSB Online banking and enroll your accounts from the Options menu. We highly recommend all our customers take advantage of this free service. eStatements will simplify your life, help the environment — and provide an extra level of security.

eAlerts

eAlerts notify you of account activity by sending you an e-mail or a message to your online banking mailbox when certain event criteria is met. You can be notified of account activity such as:

• Checking or Savings low balance
• Current day activity as it is posted to your account
• Loan payments applied
• Loan payments due

Learn more by visiting our eAlerts page.

Your protection continues with Verified by Visa® 

We have enhanced security to your debit card by participating in the Verified by Visa® program. This free online security service guards you against unauthorized use of your Visa when shopping online at participating merchants. It is just like entering your PIN at an ATM.

Have your Visa debit card in hand.

1. Register and create your Password.
2. When you make online purchases, a window pops up at checkout asking you to enter your Password.
3. Machias Savings Bank confirms you are the authorized cardholder and your purchase is completed.

Register your card by clicking below:            

Out-of-the-norm Transaction Verification

Added protection for your ATM/debit card

If a questionable transaction is detected on your card, you will be contacted by the bank, or a fraud specialist (third party vendor) calling on our behalf, to verify the transaction in question. For example: while you’re at the neighborhood grocery buying a few staples, you simultaneously make a purchase in Europe. Not only is this unlikely — it’s impossible.

If the transaction is valid, no action is taken. If you confirm the transaction as fraudulent, we immediately eliminate the card’s access to your account, making it impossible for the card to be used for further unauthorized transactions. By identifying our customers’ general spending patterns, and watching for transactions that appear out of the ordinary, we reduce your risk of fraud.

Important: All information is kept strictly confidential. You will always be contacted by phone. That is why it is critical we have your current telephone numbers on file. If we are unable to make timely contact with you, your ability to use your debit card will be impeded. We don’t want you experiencing such an inconvenience!  For your security, no one at Machias Savings Bank, including fraud specialists working on our behalf, will ever send a text message to your cell phone, or email you regarding potentially fraudulent transactions.

To update your contact information, or if you have questions about this system, please contact Customer Service at 1-866-416-9302.

Multi-factor Authentication System: Online Banking Security

Machias Savings Bank delivers the highest level of security for our online customers by adding an additional layer of security to our log in process. Every time you log in to online banking, Machias Savings Bank identifies you, and lets you identify Machias Savings Bank using a private image and phrase. Click here to learn more.

For our business customers using our MSB eCorp online banking, we offer Security Tokens as an additional layer of security. To learn more about using Security Tokens click here.

128-bit Encryption: the Highest Level of Protection

Our website utilizes 128-bit encryption to secure your confidential account information. When data is sent, it is scrambled so it cannot be understood by unauthorized people. The data is then unscrambled when it is received by Machias Savings Bank.

Privacy Statement and Practices

Machias Savings Bank promises to respect your privacy, keep your information secure and use your information responsibly. If you have a concern about our privacy practices, please contact your personal or business banker. To view the full statement, click here. 

Fraud Alerts

Identity thieves prey on the uninformed and unsuspecting. Knowledge is protection. Our website is updated regularly to keep you advised of prevalent scams. Click here to visit the Federal Trade Commission's website.

Are You at Risk for Identity Theft?

Machias Savings Bank is dedicated to helping you reduce your risk of being victimized. Identity theft is the fastest-growing white-collar crime and can rob you of your money…your credit…and your good name. Are you doing everything you can to protect your identity? Learn more by visiting our Education Center.

Lost or Stolen Card

If you need to report your ATM, Debit, or Credit Card lost or stolen, please contact us as soon as possible so we can take the necessary steps to deactivate your card and prevent potential losses.