With the heightened attention regarding the theft of personal data, we remind our clients to be aware of fraudulent correspondence. Do not provide any sensitive personal information requested through email, text or phone call. Here are some tips we recommend to protect your identity:

• Be alert to any unexpected email, call, instant message, voicemail, or text that claims to be from a bank, credit card, or online company with whom you have an account. In the event that you do receive such a message, it is a good idea to first call the client services number on your bank, credit card, or online statement (but not any number listed in the message) and verify whether the message is legitimate.
• Do not respond to any email, phone, text, or fax instructions that prompt you to divulge your personal information.
• Do not click on links in a suspicious email or text.

 

1. Change your User ID and Password. Don’t use your email address for your User ID, and select a unique Password for online banking use only.
2. Review the following and immediately report any unexpected findings to Client Services, your banker, or a banking center.
• Your profile contact information (fraudsters may add theirs so they can receive Verification Codes or so you won’t receive Alerts).
• Your profile Payees (Bill Payment), Zelle Recipients, and External Transfer Accounts (fraudsters add these and send funds to themselves).
• Your account transactions and pending online transactions (i.e., upcoming and scheduled bill payments or transfers).
3. Designate your mobile number to receive Alerts via text in Digital Banking to help with faster awareness of online activity; your primary email will also receive Alerts.
4. Designate your mobile number to receive Verification Codes in Digital Banking for faster awareness (email is less secure). Go to Edit Contact Info and check “Use for Verification” by your mobile number.

Millions of Americans fall victim to text message scams every year. Text scams (also known as “smishing”) are among the most common tactics scammers use to steal personal information.

How do text message scams work?

Fraudsters implement numerous types of text message scams. But they all follow a similar pattern:

• You receive a text message from an unknown or “spoofed” number. Scammers use technology to make it look like they’re messaging you from a business or person you know (such as the IRS, Apple, or Amazon).
• The message creates a sense of urgency to get you to act quickly. For example, it may claim that your bank account has been closed or that you’ve won a free gift.
• Next, the scammer will try to get you to either respond, click on a link, or call a number.

In recent years, text scammers have become very skilled in the art of manipulation. They know exactly what to say to get you to act without thinking.

Typically, text scammers have three goals:

1. Getting you to click on a link that downloads malware onto your device. Once your device is infected, hackers can spy on you, steal your passwords and sensitive information, or lock you out and demand a ransom.
2. Sending you to phishing sites that steal your personal information. Links could also take you to fake websites designed to steal your passwords, credentials, or credit card numbers.
3. Prompting you to call them. Once you’re on the phone, scammers can ask you to “verify” personal information (like your Social Security number or banking information) or target you with other social engineering attacks.

Any of these actions can result in immediate and long-term financial losses or even identity theft.

Source: Robokiller.com

How to protect yourself from text message scams

Here’s what you can do to protect yourself from text message scams:

• Never click on links in unsolicited text messages. Scammers use links to infect your phone with malware or send you to fake websites that steal your information. Never click on a link in a text message unless you’re absolutely sure who sent it.
• When in doubt, contact the company, agency, or individual directly. Fraudsters can impersonate everyone from your bank to your boss. If you get a text message that you think you need to act on, contact the person or organization directly first to make sure it’s legitimate.
• Regularly check your credit report and bank statements. Text message scams are almost always after access to your financial accounts. Be on the lookout for the warning signs of identity theft – such as strange charges on your bank statement or accounts you don’t recognize.
• Remove your contact information from data broker lists. Scammers can buy your contact details from data brokers. Unfortunately, there are hundreds of data brokers in the US alone.
• Consider signing up for identity theft protection.

Beware of calls and texts claiming to be from First Horizon Bank

First Horizon Bank clients may be the target of fraud schemes in which a client is contacted through a phone call, email, or text by fraudsters requesting the client verify personal bank information. A recent scheme involves individuals contacting First Horizon Bank clients using a telephone number spoofed to appear on a caller ID as First Horizon Bank’s legitimate Client Services department phone number. This scheme is an attempt to convince the client to provide account information, passwords, and in some cases, one-time passcodes that enable takeover of the client’s account relationship.

It is essential to remember that First Horizon Bank never will contact you directly and ask for your personal or account information that we already have on file. Additionally, we never will ask you to verify your identity by texting codes or passwords to you to confirm who you are. If First Horizon Bank initiates the call, we already will have at hand the information we need.

If you have received a phone call claiming to be from First Horizon Bank and believe you are a victim of fraud or notice potentially suspicious activity on your account, contact Client Services at 800-382-5465.

Fraudulent text messages have also been sent to select First Horizon clients.

What you need to know:

• The text asks the recipient to call a spoofed number and provide sensitive account information.
• This scheme has targeted clients from many different financial institutions in addition to First Horizon.
• First Horizon Bank will never initiate contact with you directly and ask for personal or account information, including requests to verify your identity by texting codes or passwords.

What you can do:

• If you receive a text message or phone call related to this scheme, do not call the number displayed in the text, click on any links or provide your account information.
• If you are concerned that you’ve been a victim of fraud, please call us at 800-382-5465.

Banking trojan – a malware designed to collect banking information from victims

A phishing campaign has been observed targeting organizations mostly in the US. The malware being deployed as part of the attack is classified as a banking trojan. The malware is equipped with a variety of sophisticated evasion and information-stealing capabilities, as well as propagation functionality and a strong persistence mechanism.

How can I guard against it?

• Refrain from opening attachments or clicking links within emails or texts from senders that seem out of place, or context, or from senders that you do not recognize.
• Consider disabling macro functionality in spreadsheet and documents by default.
• Maintain anti-virus software updates/patches on personal computers.
• Route internet requests through an internet proxy to avoid accessing known malicious websites.
• Use DNS services that block access to known malicious sites.

The “secret shopper” scam

Please be suspicious if you receive checks in the mail from any organization asking you to be a secret shopper on its behalf. Often these offers are simply fraudsters attempting to find new ways to get their hands on your money.

How secret shopping scams work:

• You receive checks in the mail (unsolicited) with an offer to be a “secret shopper.”
• You’re asked to deposit the check and use the funds to do your shopping.
• Assignment one is often testing money transfer services, like Western Union, or buying gift cards.
• With the gift cards, you may be asked to send pictures of the cards or send the card numbers with your “shopping” report.
• By the time you’ve sent in gift card information or transferred money, the bank will have discovered that the original check you deposited was fake.
• The end result? You will be on the hook for any withdrawals, and likely the fraudsters will have emptied the gift cards using the information you sent them.

Bottom line: Do not proceed with any scheme that asks you to deposit checks and then transfer money or purchase gift cards and send card information. These are scams that can cost you hundreds of dollars of your hard earned money.

Recently, scammers go to retail stores and remove card(s) from the racks, tamper with the card packing, record the activation code, and return the gift card to the rack. They then activate the card(s) online or turn them into cash without the future buyer of the card ever knowing it. (Source: justice.gov)

When buying a gift card, look for signs of package tampering (this may include damaged, ripped or torn packaging), missing labels or stickers, the card PIN being exposed, etc. If possible, purchase gift cards that are behind a counter where they are monitored.

Avoid card skimmers at gas pumps

Being able to use your debit or credit card at the gas pump is convenient; however, be cautious of skimming devices embedded onto the card readers. These skimming devices are used to copy account data as well as PINs if used during the transaction. Once the information is captured, your card information can be used to make counterfeit cards to withdraw cash from your account at ATMs or make card purchases.

Skimming devices may be difficult or impossible to detect. Some may use an overlay on top of the card insert opening that may be detected by a careful inspection. Other methods may use an internal device. Some pumps may use security tape to help identify if the pump was accessed by an unauthorized person.

To minimize your chance of being compromised by debit and credit card skimmers at gas pumps, use the following tips:

• If you see anything suspicious on the pump (e.g., damage to the card reader or a potential skimming device) do not use your card at the pump. Make your purchase inside the gas station and inform the clerk of the damage or your suspicions.
• If you use a debit card, a way to protect your PIN is to select the “credit” option for the payment.
• Monitor your bank and credit card accounts regularly. If you notice unauthorized charges or cash withdrawals, report them immediately.

If you need to report fraud on your credit or debit card, you can do so by contacting us at 800-382-5465. We are available to assist with card fraud 24 hours a day, 7 days a week.

Protecting seniors from financial exploitation

Elder fraud and financial exploitation are forecasted to become the fastest growing crime in the next 10 years. Sadly, the people exploiting older adults are often family members, caregivers, or other trusted individuals who are handling the financial affairs of a parent, relative, or friend.

You can help protect seniors from fraud and exploitation by intervening early when the threat is from trusted persons handling financial affairs, fraudsters and theft by staff or intruders.

A variety of things you observe or detect may signal that a senior is a victim of fraud or financial exploitation. Here are a few of the many red flags you may see:

• Senior, regardless of cognitive impairment, complains or reports that someone is misusing or stealing his/her money or property
• Senior is unaware of transactions or missing funds
• Senior is being encouraged to withdraw a large sum of money
• Sudden transfer of assets or changes in a will
• Unexplained names on a senior’s accounts
• Senior lacks basics (e.g., underwear, deodorant), but personal needs account is depleted
• Observing/hearing a senior being threatened by a family member, caregiver, or other trusted individual
• Checks or other documents signed/dated when the senior is no longer able to write
• Senior becomes secretive and suddenly starts hiding possessions or hoarding papers
• Senior is agitated or distraught prior to or after a family member, caregiver, or other trusted individual visits
• Senior is refused needed care and medical services in order to keep the senior’s assets available for the abuser
• Senior who appears to lack decision-making capacity signs new power of attorney document

Your top priority should be early recognition, documentation, and reporting. If you feel a senior is being financially abused, report the situation to your nearest branch.

You can visit https://ncea.acl.gov (opens in a new tab)/ or http://www.consumerfinance.gov (opens in a new tab)/ for additional information regarding elder financial exploitation.

Beware of social engineering schemes

Recently there has been an increase in fraud schemes where clients are being contacted by phone or email to obtain personal information, such as account information (account numbers) and/or identifying information (e.g., Social Security number, date of birth). Some tactics used include advising you that there is a problem or missing information related to your account and additional information is needed to correct the issue. In some cases, threatening tactics may be used (e.g., criminal pursuit, collection agency referral) to obtain this information.

To avoid becoming a victim, follow these tips:

• Do not provide any personal information to an unsolicited caller.
• Never respond to a phone call or voicemail asking you to verify account information or reactivate a service.
• Never provide personal or account information over the phone or via email/text, even if it appears legitimate. Contact the organization directly using information listed on their website or other trusted source.

We have the necessary information to conduct business with you, and we would not ask you to supply your full account number or card number during a phone call originated by us.

If you have received a phone call purporting to be from us and believe you are a victim of fraud or notice suspicious activity on your account, contact Client Services at 800-382-5465.

Card cracking scams

Card cracking is a form of fraud where consumers respond to an online solicitation for "easy money" and provide a debit card for withdrawal of fake check deposits.

Learn More (opens in a new tab) at the American Bankers Association.

Social media fraud scheme

In a recent social media scheme (primarily Facebook), users are being enticed into opening new accounts or using their existing accounts in exchange for merchandise or “fast cash.” The proposal is typically made via a post with pictures of cash or other items encouraging anyone interested to comment for more information. The accounts are ultimately used to conduct transactions involving the deposit of fraudulent checks and subsequent fraudulent card purchases/ATM withdrawals.

Consumers should be aware that participation in this type of scheme is illegal and that you may be held responsible for purchases or cash withdrawals made from the proceeds of a fraudulent check deposit. Such activity could result in account closure and possible criminal prosecution.

Source: ftc.gov

Beware of unsolicited offers

If you receive an unsolicited offer that promises you something in exchange for money or account information, you should not respond unless you are sure the offer is legitimate. Common scenarios include offers that require an upfront fee, requests to wire funds, a notice that you won a lottery/contest, or a person on a social website who asks for money (e.g., travel money to meet you, emergency cash, medical bills, etc.).

If you receive an offer or request and are unsure if it is legitimate, contact Client Services at 800-382-5465. Remember, if it sounds too good to be true, it probably is.

ACH fraud

ACH (Automated Clearing House) is used to process direct deposits, checks, bill payments and cash transfers between businesses and individuals. It can also be a popular way for fraudsters to steal money from unsuspecting consumers. ACH fraud is a scheme that is expected to continue to trend upward.

To avoid becoming a victim, follow these tips:

• Never give out any personal information to a third party unless you initiated the contact
• Monitor your accounts and statements thoroughly, ensuring that all account activity is yours and correct
• Always log off from online banking sessions
• Never click on links or open attachments sent from an untrusted email
• Store new checks in a safe place
• Use a secure connection when paying online (indicators of a secure connection may vary by browser or settings)

If you believe you are a victim of ACH fraud, contact Client Services at 800-382-5465.

Student loan forgiveness scams use tactics similar to others by emailing potential borrowers with aggressive advertisements such as:

• “Act immediately to qualify for student loan forgiveness before the program is discontinued.”
• “Your student loans may qualify for complete discharge. Enrollments are first come, first served.”
• “Student alerts: Your student loan is flagged for forgiveness pending verification. Call now!”

Other things to look for include:

• Scammers will request an up-front or monthly fee while promising immediate and total student loan cancellation. Most government forgiveness programs require years of qualifying payments and/or employment in certain fields before forgiving loans.
• Asking for your StudentAid.gov account information, like your FSA ID (account username and password). This is a red flag. We and our partners will never ask for your password. That’s a guarantee.
• Email may contain unusual capitalization, improper grammar, or incomplete sentences. These sorts of errors indicate a potential scam in action.
• Some scammers may use official-looking names, seals, and logos, but that doesn’t make them trustworthy. Know what official communications from us and our partners look like and always double check the sender’s email address.
• Be cautious of any calls you receive about your student loans. If you receive an email, double check that the URLs and email addresses match exactly.
• Emails from us will only come from these addresses:
  noreply@studentaid.gov
  noreply@debtrelief.studentaid.gov
  ed.gov@public.govdelivery.com
• Text messages from us will only come from 227722 or 51592.

Legitimate Student Loan servicers can be found here.

Debt Collection scams

Be aware of debt collection scams that involve operators fraudulently soliciting money from consumers. The operators of this scam are using threatening tactics (e.g., lawsuits, asset seizure, arrest) to force consumers into immediately paying debt on loans they never authorized or paid off several years ago. Those perpetrating this scam have obtained identifying information about consumers (e.g., Social Security numbers, addresses, banking information) and will use this in order to appear as a legitimate collection agency.

Numerous consumers also reported their place of employment has been contacted in an attempt to collect “past due” funds.

To avoid becoming a victim or if you believe you are a victim of this scheme, follow these tips:

• If you are unsure whether you are delinquent on a payday loan or other debt, contact your lender directly using your loan paperwork to find a legitimate contact number.
• If your place of employment has been contacted and you know you have a loan that you paid in full, inform them you believe you are a victim of a fraud scheme.
• Never provide personal information to a third party unless you initiated the contact.
• If you receive a phone call regarding this scam, or have fallen victim, contact local law enforcement and file a complaint with the Federal Trade Commission at www.ftc.gov or the Consumer Financial Protection Bureau at www.consumerfinance.gov.
• If you believe someone stole your personal information and used it to obtain a fraudulent loan, contact the credit bureau and visit www.identitytheft.gov for tips on what you can do to protect your identity.

Beware of communication purporting to be from First Horizon Bank

A phishing scheme targeting First Horizon Bank is being sent through text messages. This scheme is an attempt to get the user to reset their security answers. This information is intercepted and used to take over the account.

If you receive a text message regarding this scheme, do not click on the link. If you have clicked on the link and provided sensitive information, we strongly encourage you to change your password and security questions immediately, using the actual First Horizon Bank website or to call Client Services at 800-382-5465.

If your business accepts wires, take precautions.

If your business sends outgoing wires to or on behalf of clients, beware of a scheme in which hackers can take over a legitimate email address and initiate fraudulent wire requests.

• Business Email Compromise (opens in a new tab) (BEC) (FBI Alert # I-082715a-PSA)
• Email Account Compromise (opens in a new tab) (EAC) (FBI Alert # I-082715b-PSA)

Ensure that your business has procedures in place to verify any wire that is received via email or fax. For example, calling your client directly using a phone number on file before proceeding with a wire can determine if the client actually sent the request.

If you become aware that your client's email has been compromised, advise the client to contact their email and virus software providers, as their password/account information could have been compromised by a third party.

New wire fraud scam reroutes payroll direct deposits

An article by CNBC.com (opens in a new tab) details a current fraud scheme where fraudsters are targeting businesses’ Human Resources departments through email. The fraudsters impersonate senior executives and attempt to convince human resources personnel to change associates' bank account and routing information in order to route associates' paychecks to offshore accounts owned by the criminals.

Additionally, the fraudulent emails often go undetected because they defy many existing red flags for malicious communications. The emails are well written, cordial, and lack the misspellings and grammatical errors that would typically trigger email filters.

Focus your company’s efforts, which may include adjusting email filters to pick up common traits of this type of request and training associates in security best practices. Ask your company’s executives to avoid using their personal emails when sending messages. Companies that have been sent versions of this fraud scheme can report it the FBI’s IC3 tip line (opens in a new tab).

Protect your business: Stolen and counterfeit checks

Stolen checks are typically obtained via mail theft, primarily from US Mail drop boxes (blue boxes) or mailboxes at residences and businesses. Criminals have been able to obtain keys for the blue boxes so those have been a primary source in recent years. They typically target checks drawn on businesses since those accounts tend to maintain higher balances.

Stolen checks can be altered to reflect a different payee and/or amount. Chemicals may be used to remove the ink so the new name and/or amount can be added cleanly, which might match the original font if done carefully.

Counterfeit checks are typically created using a stolen check as a guide. Blank check stock is easily obtained from office supply companies, and these can be printed using the stolen check format. The maker signature may be forged, or the original signature may be scanned and printed on the counterfeit check.

When mailing checks, it is recommended that the mail be brought inside a US Post Office facility. If using a mailbox or blue box, be sure to do so before the collection time.

Given the prevalence of counterfeit check activity, all business clients should review accounts on a daily basis to identify fraudulent activity and report it immediately. Our Treasury Management group offers a Check Positive Pay service for commercial clients, which can help detect fraudulent checks and return the items timely.

Source: fincen.gov