Security Alerts

    Scam Phone Calls Continue; IRS Identifies Five Easy Ways to Spot Suspicious Calls

    IR-2014-84, Aug. 28, 2014

    WASHINGTON — The Internal Revenue Service issued a consumer alert today providing taxpayers with additional tips to protect themselves from telephone scam artists calling and pretending to be with the IRS.

    These callers may demand money or may say you have a refund due and try to trick you into sharing private information. These con artists can sound convincing when they call. They may know a lot about you, and they usually alter the caller ID to make it look like the IRS is calling. They use fake names and bogus IRS identification badge numbers. If you don’t answer, they often leave an “urgent” callback request.

    “These telephone scams are being seen in every part of the country, and we urge people not to be deceived by these threatening phone calls,” IRS Commissioner John Koskinen said. “We have formal processes in place for people with tax issues. The IRS respects taxpayer rights, and these angry, shake-down calls are not how we do business.”

    The IRS reminds people that they can know pretty easily when a supposed IRS caller is a fake. Here are five things the scammers often do but the IRS will not do. Any one of these five things is a tell-tale sign of a scam. The IRS will never:

    1. Call to demand immediate payment, nor will we call about taxes owed without first having mailed you a bill..
    2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
    3. Require you to use a specific payment method for your taxes, such as a prepaid debit card.
    4. Ask for credit or debit card numbers over the phone.
    5. Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

    If you get a phone call from someone claiming to be from the IRS and asking for money, here’s what you should do:

    - If you know you owe taxes or think you might owe, call the IRS at 1.800.829.1040. The IRS workers can help you with a payment issue.
    - If you know you don’t owe taxes or have no reason to believe that you do, report the incident to the Treasury Inspector General for Tax Administration (TIGTA) at 1.800.366.4484 or at www.tigta.gov.
    - You can file a complaint using the FTC Complaint Assistant; choose “Other” and then “Imposter Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.

    Remember, too, the IRS does not use unsolicited email, text messages or any social media to discuss your personal tax issue. For more information on reporting tax scams, go to www.irs.gov and type “scam” in the search box.

    Fraudulent Checks

    The escalation of the risk of fraud in our society has become a concern to us all. Several new scams involving counterfeit checks passed off to unsuspecting consumers through Internet and International Lottery schemes among others have increased the incidence of fraud.

    Monson Savings Bank wants you to understand the risks associated with accepting a check (including a bank check) from someone you don't know.

    It is important to understand that under provisions of the Uniform Commercial Code you are responsible to the bank for all checks that you deposit to or cash against your account(s) at Monson Savings Bank.

    We want to help you to avoid the frustration, embarrassment and financial loss associated with being a victim of fraud. Please ask a Supervisor at one of our branch offices for assistance if you have any questions or concerns about any check you receive from another party before you deposit the check into your account. There are ways that we can assist you in determining that your check is valid and negotiable.

    We value our relationships with our customers and strive to protect you and your investments. We appreciate you choosing Monson Savings Bank to meet your financial needs.

    Attention College Students and Parents!

    We wanted to let you know about a scam called "Card Cracking" that is being targeted at college students by promising a fast way to make some extra cash. (Note that this information is courtesy of the Independent Community Bankers Association (ICBA)).

    Under the scheme, scammers tell students via social media or text message that they will receive a cut of money from a check that will be deposited into their account. For the scam to work, students must provide bank account information, such as an account number, PIN or password, to the fraudster. The fraudster then deposits a fraudulent check by remote or mobile deposit, waits a day, and then withdraws the funds. Occasionally, scammers then tell students to file a claim with their bank that their card was lost or stolen, with the bank ultimately reimbursing the customer the stolen funds. This not only puts students at risk of losing personal funds, but also of being charged with filing a false fraud claim, which carries a criminal charge that can result in hefty punishments.

    Unfortunately, scams like card cracking are plentiful. ICBA offers the following tips to help keep college students from falling victims to these types of scams.

    • If an offer seems too good to be true, it probably is.
    • If you're offered a job over the Internet, it's probably a scam. Always meet potential employers in person, and never exchange bank account information with an employer you meet on social media websites, such as babysitting or lawn-care services.
    • Make sure your cell phone has a passcode.
    • Don't share usernames and passwords.
    • When using public computers, don't use "auto-fill" features on websites or save passwords.
    • When logging into online banking or other sites that display sensitive information, ensure "https:" is displayed in the address bar, especially on a public computer.
    • Read the fine print--this might seem time–consuming, but it could potentially save you hundreds and potentially thousands of dollars in the long run.
    • Secure essential and important documents, such as Social Security cards, licenses, financial papers and bank account information.
    • If you're offered a credit card or other financial products on campus, check with your community bank to see if they have better rates or products.

    Additional information about protecting personal information and online safety is available through the StaySafeOnline.org website.

    Thank you!

    Attention Android Phone Owners

    As a courtesy, we wanted to let you know that reputable Information Security websites recently reported that a serious set of security flaws in the Android operating system could put Android smart phones at risk. Please note that these security flaws, dubbed "Stagefreight," only affect Android phones. iPhones, Blackberries and flip phones are safe.

    Please be assured that Stagefright has no direct impact on any Monson Savings Bank applications, including TouchBanking or our iPad app for accessing mobile banking via your smart phone or iPads. However, because no one yet knows what problems could occur for people using compromised Android phones regardless of what they're using them for, we encourage everyone with an Android to take steps to keep your phone safe. Below you'll find information from reputable sources with suggestions on what you can do to mitigate Stagefright.

    According to InfoRiskToday.com:

    The Stagefright flaw doesn't require user interaction and can be automatically and silently exploited by an attacker. Attackers only need a user's mobile-phone number to remotely take control of the device through a specially crafted media file delivered by text message. Therefore a phone could be compromised without the owner's knowledge.

    The article recommends disabling the Google Hangouts app and avoid opening text messages from unknown contacts. To disable Hangouts, go into Settings/Application Manager, show all applications, find and click on Hangouts, click the DISABLE button and follow the prompts to complete the process. It will then be listed in the "disabled" section of Application Manager.

    Additionally, according to the Vulnerability Notes Database of the Software Engineering Institute at Carnegie Mellon University, you can do the following:

    • Contact your cell phone carrier to find out if there is an update for your phone to mitigate Stagefreight.
    • Block all text messages from unknown senders -- Blocking all text messages from unknown senders in your default text message handling app may mitigate this issue.
    • Turn off "Auto Retrieve" for multimedia messages -- If your default text messaging app does not allow blocking of senders, you may also disable the auto retrieve feature for multimedia messages. This may prevent the auto loading of MMS content into Stagefreight.

    We hope you find this information helpful. If you have any questions, you should contact your phone carrier. Thank you.

    8/6/15 Update: Google is starting to provide patches (fixes) to the carriers who are starting to send them out to their phones, so check with your mobile phone carrier to find out when your update is due. (There are about 1,300 android phone manufacturers worldwide with 24,000 different models of phones, so it will take a while for all of them to get their specific patch).

    New Debit Card Fraud Detection System

    For your protection and added security, we have implemented a new Debit Card Fraud Detection System that may use an automated service to contact you in the event we feel your card may be at risk for fraud. Please return the call at 1-866-750-9107 as soon as possible or contact your local branch.

    Fraudulent Check Notice

    Monson Savings Bank wants you to understand the risks associated with accepting a check (including a bank check) from someone you don't know.

    Fraudulent E-mail Survey – April 27, 2012

    The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the FDIC. The e-mail exhibits the "Subject" line: "SURVEY CODE: STJSPNUPUT". The "From" line may exhibit variations; however, the messages are similar. The email states, "You have been chosen by the FDIC to take part in our quick and easy 5 questions survey. In return we will credit $100 to your account just for your time!" The recipient is then instructed to "Click here to Continue." Recipients should not click on the link provided. This email and link are fraudulent. Recipients should consider the intent of the email as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. As a reminder, the FDIC does not send unsolicited emails to consumers or business account holders.