security Archives | Page 3 of 4 | New Tripoli Bank
FDIC logo

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Log In× Close
Contact Us Locations

In recognition of World Password Day, New Tripoli Bank would like to remind our customers and members of our community that they should be taking steps to safeguard their personal account information, including their password, and to make sure they know what to do if they suspect they have been affected by a reported breach.

With more consumers doing their shopping and financial transactions online, it is more important than ever to prevent cybercriminal activity, the bulk of which originates as phishing attacks and costs and estimated $17,700 every minute, according to a press release from the Independent Community Bankers of America. However, by staying alert and practicing proper cybersecurity, all of us can make a difference and ensure a safer and more resilient internet for everyone.

Reducing Your Risk

While there is no foolproof way to avoid online identity theft, you can minimize your risk by:

Respond to a Data Breach

Unfortunately, data breaches do happen, which is why it's important to know the steps you can take to minimize your risk in the event of a breach.

You can learn more about how to protect yourself online at the Stay Safe Online website.

Phishing

Phishing scams have taken many forms throughout the years and it can sometimes be difficult to keep up with the new tools that hackers have developed to steal consumers’ personal and financial data. Since the internet boom in the early 2000’s, one of the more common methods has been creating domain names and web pages that are virtually indistinguishable from actual websites, then sending links to these websites to vulnerable users’ emails. 1,500,000 new phishing webpages are created per month, so it’s clear this problem is not slowing down anytime soon.

A recent alert from security specialists has drawn attention to cybercriminals who have developed a way to make these look-alike pages even more convincing. Scammers use a special tool that automatically displays your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.

To add another layer of sophistication, savvy hackers will “spear phish” in an attempt to increase an email’s apparent legitimacy. Spear phishing involves researching their target so they can include personal information harvested from public sites like Facebook or Instagram in the email. Including these details is intended to trick consumers into overlooking the other more suspicious parts of the email and get them to click the links, open the attachments, or input their information into login pages.

While phishing is still very common and getting more sophisticated, so do fraud prevention techniques and technologies. There are two steps you can take to maintain your security: anti-phishing training and anti-phishing software. You should rely on either of these independently – but instead use them together to protect yourself.

Here are some anti-phishing habits you should become accustomed to in order to protect yourself:

This article uses information from https://www.revbits.com/blogs/lookalike-login-pages and "Scam of the Week" from https://blog.knowbe4.com/

The Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) are warning the public about several emerging fraud schemes related to COVID19 vaccines. The FBI, HHS-OIG, and CMS have received complaints of scammers using the public’s interest in COVID-19 vaccines to obtain personally identifiable information (PII) and money through various schemes. We continue to work diligently with law enforcement partners and the private sector to identify cyber threats and fraud in all forms.

The public should be aware of the following potential indicators of fraudulent activity:

Tips to avoid COVID-19 vaccine-related fraud:

General online/cyber fraud prevention techniques:

If you believe you have been the victim of a COVID-19 fraud, immediately report it to the FBI (ic3.gov, tips.fbi.gov, or 1-800-CALL-FBI) or HHS-OIG (tips.hhs.gov or 1-800-HHSTIPS).

For accurate and up-to-date information about COVID-19, visit:

Online Shopping

For most of us, the holiday season is about friends, family, food—and shopping! Black Friday and Cyber Monday fall just after Thanksgiving in the U.S., but internationally, they are two of the busiest shopping days of the year. Unfortunately, while you’re looking for holiday deals, the bad guys are looking for ways to scam you any way they can.

Follow these tips to stay safe this holiday season:

If you plan to shop from the comfort of your home this year instead of heading out in-person to be the first in line for those door buster deals, make sure your home computer has the latest antivirus software updated. This will help protect you from hackers and identity thieves.

Once you’re ready to shop, make sure you:

The IRS, state tax agencies, and the tax industry yesterday warned of a new text scam created by thieves that trick people into disclosing bank account information under the guise of receiving the $1,200 Economic Impact Payment. "Criminals are relentlessly using COVID-19 and Economic Impact Payments as cover to try to trick taxpayers out of their money or identities," said IRS Commissioner Chuck Rettig. "This scam is a new twist on those we've been seeing much of this year. We urge people to remain alert to these types of scams."

The scam text message states: "You have received a direct deposit of $1,200 from COVID-19 TREAS FUND. Further action is required to accept this payment into your account. Continue here to accept this payment ..." The text includes a link to a fake phishing web address. People who receive this text scam should take a screen shot of the text message that they received and then include the screenshot in an email to  with the following information:

People who believe they are eligible for the Economic Impact ("Stimulus") Payment should go directly to IRS.gov. People who do not have a filing requirement but who are eligible for EIP can use a non-filers tool on IRS.gov until November 21 to claim their payment.

We have received a few calls recently from our customers reporting encounters with individuals impersonating IRS officials over the telephone. This is a very common tactic for scammers to try and steal your personal information and we want to take this opportunity to advise our customers how they can avoid getting scammed the next time they pick up the phone.

Threatening IRS Impersonator Phone Calls

IRS impersonation scams come in many forms. A common one remains bogus threatening phone calls from a criminal claiming to be with the IRS. The scammer attempts to instill fear and urgency in the potential victim. In reality, the IRS would never threaten a taxpayer or surprise them with a demand for immediate payment.

Phone scams or "vishing" (voice phishing) pose a major threat. Scam phone calls, including those threatening arrest, deportation or license revocation if the victim doesn't pay a bogus tax bill, are reported year-round. These calls often take the form of a "robocall" (a text-to-speech recorded message with instructions for returning the call).

The IRS will never demand immediate payment, threaten, ask for financial information over the phone, or call about an unexpected refund or Economic Impact Payment. Taxpayers should contact the real IRS if they worry about having a tax problem.

IRS Phone Scams

The IRS does not leave pre-recorded, urgent or threatening messages. In many variations of the phone scam, victims are told if they do not call back, a warrant will be issued for their arrest. Other verbal threats include law-enforcement agency intervention, deportation or revocation of licenses.

Criminals can fake or “spoof” caller ID numbers to appear to be anywhere in the country, including from an IRS office. This prevents taxpayers from being able to verify the true call number. Fraudsters also have spoofed local sheriff’s offices, state departments of motor vehicles, federal agencies and others to convince taxpayers the call is legitimate.

When in doubt, remember that the IRS does not:

How You Can Help

If you believe you have been contacted by a scammer pretending to be from the IRS, you should contact the Treasury Inspector General for Tax Administration to report a phone scam. You can call the Inspector General at 800-366-4484 or visit their "IRS Impersonation Scam Reporting" web page. You should also report phone scams to the Federal Trade Commission using the "FTC Complaint Assistant" on FTC.gov. If you contact the FTC, make sure to add "IRS Telephone Scam" in the notes so they are aware of the type of scam you are reporting.

If you want to learn more about general IRS scams, you can visit the IRS page for Tax Scam information.

The Internal Revenue Service is urging taxpayers to be on the lookout for a surge of calls and email phishing attempts about the Coronavirus or COVID-19. These contacts can lead to tax-related fraud and identity theft.

Remember: the IRS will not call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster. This also applies to surprise emails that appear to be coming from the IRS. Don't open any links or attachments in emails that say they are from the IRS. Instead, you should go to IRS.gov for the most up-to-date information.

Be cautious not only of emails but also text messages, websites and social media messages requesting money or personal information. Criminals take every opportunity to perpetrate a fraud on unsuspecting victims, especially when a group of people is in a state of need or especially vulnerable. The IRS Criminal Investigation Division is working hard to find these scammers and shut them down, but in the meantime it’s important to remain vigilant."

Don't Fall Prey to Coronavirus Scams

The IRS and its Criminal Investigation Division have seen a wave of new and evolving phishing schemes against taxpayers. In a majority of cases, the IRS will deposit economic impact payments into the direct deposit account taxpayers previously provided on tax returns. If you have previously filed but not provided direct deposit information to the IRS, you will soon be able to provide your banking information online to a newly-designed secure portal on IRS.gov in mid-April 2020. If the IRS does not have your direct deposit information, a check will be mailed to the address on file.

The IRS will not be reaching out to you via email, text, or other means of messaging to get this information – if you receive any communications asking you for personal or financial information, do not respond! In addition, you should not trust someone else with your direct deposit or other banking information, so that they may input it into the secure portal on your behalf.

Retirees Among Potential Targets

We want to remind retirees who don't normally have to file tax returns: for retirees, no action is required to receive their $1,200 economic impact payment. Seniors should be especially careful during this period. The IRS reminds retirees – including recipients of Forms SSA-1099 and RRB-1099 − that no one from the agency will be reaching out to you by phone, email, mail or in person asking for any kind of information to complete their economic impact payment. The IRS is sending these $1,200 payments automatically to retirees – no additional action or information is needed on their part to receive this.

It is also important to remember that these payments are called economic impact payments – fraudsters will sometimes refer to them as rebates or stimulus payments and this is a big red flag that the contact is a scam.

The IRS reminds taxpayers that scammers may:

Reporting Coronavirus-related or other phishing attempts

Those who receive unsolicited emails, text messages or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), should forward it to phishing@irs.gov.

Taxpayers are encouraged not to engage potential scammers online or on the phone. Learn more about reporting suspected scams by going to the Report Phishing and Online Scams page on IRS.gov.

Official IRS information about the COVID-19 pandemic and economic impact payments can be found on the Coronavirus Tax Relief page on IRS.gov. The page is updated quickly when new information is available.

We've all been on the receiving end of gift cards for the holidays. After all, they are a convenient present for when you're not sure what to get your friend or relative, but still need to get a gift for them.

Unfortunately, what should be something harmless can often be used by scammers as a way to defraud people out of their money. After all, a gift card is just like cash (i.e. any misuse is hard to trace) and, unlike credit cards, there usually aren't any resources customers can turn to when their gift card is stolen or used without authorization, so it is difficult to reverse a fraudulent transaction or get a refund.

Another common gift card scam occurs when someone poses as an attorney for a family member, claiming that family member is in legal trouble and needs help. The scammer will contact you via phone or email and ask you to purchase gift cards in specific amounts to pay them. Once you purchase these gift cards, the scammer will ask you to provide the card numbers and PINs so that the scammer can redeem the funds, leaving you out several hundred dollars.

Asking for gift cards to pay for legal issues and unexpected contact via phone or email are both big red flags that you might be the target of a scam. Remember: no business or government agency will ask you to make payments with gift cards. It's also a good rule of thumb to avoid making payments via phone or by wiring money, unless you can confirm the request is legitimate via other communications.

Also, be on the lookout for gift card scams when you're selling items. There is a common gift card scam that involves a person offering to purchase an item and sending you a check for more than the item's purchase price. They will then ask you to send back the difference in the form of a gift card. When you attempt to cash the check later, you will discover it is fake!

If you suspect you've been the victim of a gift card scam, you should report the situation to your local police department as well as notify the Federal Trade Commission (FTC), which tracks these scams. In addition, you should immediately report the scam to the merchant or company that issued your card and ask if they can refund your money. Most issuers have a toll-free telephone number to report lost or stolen cards, and you may get back the money left on the card or at least a portion of it (there is sometimes a fee for providing a refund). Be sure to keep the receipt and a record of the card number as you may need to provide this information when you report fraud.

Tips When Buying Gift Cards

Scammers asking for gift cards isn't the only way you can be defrauded. Here are some safety tips you should keep in mind when you're buying gift cards.

Wawa is notifying potentially impacted individuals about a data security incident that affected customer payment card information used at potentially all Wawa locations during a specific timeframe. Based on the investigation to date, the information is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers. The ATM cash machines in Wawa stores were not impacted by this incident. At this time, Wawa is not aware of any unauthorized use of any payment card information as a result of this incident.

Wawa’s information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. After discovering this malware, Wawa immediately engaged a leading external forensics firm and notified law enforcement. Based on Wawa’s forensic investigation, Wawa now understands that this malware began running at different points in time after March 4, 2019. Wawa took immediate steps after discovering this malware and believes it no longer poses a risk to customers.

“At Wawa, the people who come through our doors are not just customers, they are our friends and neighbors, and nothing is more important than honoring and protecting their trust,” said Chris Gheysens, Wawa CEO. “Once we discovered this malware, we immediately took steps to contain it and launched a forensics investigation so that we could share meaningful information with our customers. I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident. To all our friends and neighbors, I apologize deeply for this incident.”

Wawa is supporting its customers by offering identity protection and credit monitoring services at no charge to them. Information about how to enroll can be found on the Wawa website below. Wawa has also established resources to answer customers’ questions, including a dedicated call center that can be reached at 1-844-386-9559, Monday through Friday, between 9:00 am and 9:00 pm Eastern Time or Saturday and Sunday between 11:00 am and 8:00 pm, excluding holidays.

New Tripoli Bank is also ready to support our customers who may have concerns about their account security. You can download our mobile banking app and set up push notifications to alert you when there is activity on your New Tripoli Bank accounts, so you will be notified immediately if there are any suspicious or fraudulent transactions made on your account. Take the time to update your passwords. If you think one of your cards has been compromised, you can deactivate your card by using our mobile banking or online banking tools or by calling our toll-free number at 888-298-8821 (during business hours), 800-264-5578 (after business hours) or 701-461-2552 (international) and requesting a new card.

A detailed notice and open letter to customers from Wawa’s CEO notifying potentially affected individuals about the incident is available at www.wawa.com/alerts/data-security

Tips for Secure Online Shopping

The internet has revolutionized the way we shop. You can search for items from many different sellers from the comfort of your living room, easily compare pricing between vendors, and purchase products with the click of a mouse. While this has made shopping easier than ever, it leaves you vulnerable to attackers attempting to steal your personal and financial information. Criminals who get a hold of sensitive data can use it for their personal gain, making purchases with your account or selling the information to the highest bidder, while negatively affecting your financial security.

How do criminals target consumers?

There are four methods criminals commonly use to take advantage of online shoppers:

How can you protect yourself?

Now that you know the tactics attackers will use to gain access to your information, it's important to keep these tips in mind when shopping online:

Next Page »« Previous Page