There's no such thing as a free lunch, and there's no such thing as a "free" security scan for your computer. You may have been browsing the internet in the past and seen a pop-up or ad for a "free" scan to find malware on your computer. Some of these ads might even have official-looking logos like the Windows logo to make them appear more legitimate. Don't fall for it! These are scammers impersonating well-known companies and using scare tactics to trick you into paying to fix computer problems that may not even exist.

Here's how the scam works: you will receive a pop-up informing you that there are viruses or other malicious software on your computer and will include a link for a free scan. Following the "scan," the scammer will contact you saying that they have identified supposed "serious issues" that require your immediate attention, then urge you purchase software that can "fix" these alleged problems. After you've purchased and installed the software—which can range anywhere from $25 to $60—you are provided with a number to call to "activate" the software. When you call this number, you're greeted by a telemarketer who will try to sell you additional services by claiming the "problems" on your computer are more severe than their software can handle.

There are simple steps you can take to avoid these types of scams:

• Don't click on links in pop-ups or other ads you encounter on the internet. If you see a product or service that interests you, search for it via Google or other search engine to find out if it is legitimate.
• Your computer can't be scanned by pop-up ads. If an ad on a website says its found problems on your computer, this is an obvious scam. Do not click the link, even if it has a logo you recognize like a Windows or Microsoft logo!
• Know that legitimate tech companies won't contact you by phone, email or text message to tell you there's a problem with your computer.
• Take the time to research anyone pressuring you into buying a product or service online.

You can learn more about this and other tech support scams at ftc.gov/techsupportscams.

Mail check fraud continues to be a serious problem facing consumers and banks and combatting this epidemic of fraud is a top priority for the security team here at New Tripoli Bank. This type of fraud occurs when someone steals uncashed checks, either from personal or Post Office mail boxes (i.e. the blue mailboxes), then "washes" the checks and alters them to cash out themselves or sells uncashed checks online. This leaves the person who wrote the check paying someone who is not the intended recipient.

New Tripoli Bank has put together a helpful infographic to help our customers who have been targeted by mail check fraud, which you can view here: https://www.newtripolibank.net/wp-content/uploads/2024/04/1709237178-AlteredChecksHandout.pdf 

What should you do when you fall victim to this type of fraud? Don’t beat yourself up! Anyone can fall victim to fraud and you shouldn’t feel stupid for being targeted by criminals. New Tripoli Bank is ready to help ensure your money and identity are kept safe from scammers.

1. Contact your bank and alert them that your personal financial information has been stolen.
2. Create a list of outstanding checks or any regular incoming or outgoing payments. You will need this information when you open a new account.
3. Visit your bank to close old accounts. New Tripoli Bank customer service representatives are trained to help customers close accounts that have been targeted by fraud and open new ones.
4. File a police report with your local police department.
5. Go to USPS.com to report stolen mail to the United States Postal Service or contact the U.S. Postal Inspector’s Office by calling 1-877-876-2455.

Where can I file complaints?

Consumer Financial Protection Bureau (CFPB)

Complaints can be filed with the CFPB at www.consumerfinance.gov/complaint/

The CFPB hears complaints about deposit accounts, credit cards, debt collection, and more.

You will be asked for dates, dollar amounts, and communications relevant to your complaint. You are allowed to attach documentation to prove your case.

Federal Reserve Board (FRB)

Complaints about financial institutions can be filed with the FRB at https://forms.federalreserveconsumerhelp.gov/secure/complaint/formComplaintIntro.html

You will be asked for identifying information, information on the financial institution you are reporting, and an explanation of how you feel your issue can be resolved.

Federal Trade Commission (FTC)

You can report scams to the FTC at https://reportfraud.ftc.gov/

You will be asked to provide information including how much money the scammer was paid, how the money was sent, the dates when money was sent, and how you were contacted.

We have recently been alerted to a new scam affecting consumers in our area that is a spin on classic phone phishing tactics. Here's the way the scam works:

You are contacted by someone posing as an employee of your financial institution or some other business with whom you have an account. The caller claims that your account has been hacked and asks you to type a series of numbers into the phone during the call. After entering the numbers, the call ends and you are suddenly unable to use your phone!

The way this works is the scammer will ask you to input the code *72 and a 10-digit phone number. When you input this into your phone and hit call, it automatically forwards all future calls to the 10-digit phone number you input after the *72. With your phone forwarding calls, the scammer is now free to commit fraud using your phone number and any attempts to contact you will be automatically rerouted to the scammer, allowing them to use your phone and identity for verification.

Here are steps you can take if you think you have been the victim of this scam:

• Dial *73 on your phone. This ends call forwarding to the other number.
• Check your accounts right away to ensure there has not been any fraud committed using your phone number. If you discover fraud, contact the business associated with any affected accounts to alert them to the situation.
• Whenever you receive a call from someone claiming to be from a specific bank or business and you are unsure whether the call is legitimate, end the call and contact the business directly using a known, publicly available number.

The newest scam involving malicious apps is a doozy. A cybercriminal will contact you impersonating a law enforcement officer, claiming that your bank account may be involved in financial fraud. They then ask you to download a mobile app to help them investigate further. Once you download the app, the cybercriminal walks you through several steps that set this scam in motion.

First, they give you a case number and ask you to search for that number in the app. When you search for the number, you'll find official-looking documents with your name on them. These are fake legal documents intended to make this interaction feel more legitimate. Once they have your guard down, the app will ask you to select your bank from a list and enter your account number and other personal information.

However, the most clever part of this scam is what the app is doing in the background. When you first install the app, it accesses your device's setting to block all incoming calls and text messages. By doing this, your bank will be unable to contact you about unusual behavior on your account. This gives the cybercriminals plenty of time to steal your money and sensitive information before you know what happened.

No matter how sophisticated these scammers become, you can stay safe from scams like this by following these simple tips:

Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites, including cybercriminals.

Be cautious of scare tactics intended to prey on your emotions. Cybercriminals want to catch you off guard and trick you into revealing sensitive information.

If you're contacted by someone claiming to be in a position of authority, like law enforcement, ask for confirmation of their identity. Real officials will understand your concerns and can provide information without requiring you to download an app.

What is an Account Takeover?

Account takeover is an attack in which cybercriminals seize ownership of online accounts by using stolen passwords and usernames, then use these credentials to commit fraud. They purchase personal information via the dark web—information collected through social engineering or data breaches. This information provides the necessary credentials for a fraudster to pose as a consumer. With this information, scammers can trick a consumer's financial institution to make changes to their accounts or card settings. They may change phone numbers, emails, or passcodes, apply for increased limits, or change the account holder's PIN and/or travel exemptions to interfere with the institution's fraud-monitoring tools.

Schemes that Contribute to Account Takeovers

Skimming & Malware

Deployment of card skimmers or malware to point-of-sale terminals continues to be a widespread method for stealing data. Compared to years past, small local businesses are more likely to compromised and have their data harvested. Stolen data is then passed through remote, wireless technologies with increasing frequency. 

Phishing, Vishing & Smishing

Phishing, Vishing, and Smishing are methods of data theft that involve tricking consumers into revealing confidential information. These schemes use social engineering combined with modern technology to deceive consumers into revealing critical information while disregarding legitimate fraud warnings.

Phishing schemes are becoming both more frequent, more targeted (called "spear-phishing"), and more difficult to identify than in the past. They utilize email to trick consumers into revealing personal information such as passwords or credit card numbers. Rather than relying on suspicious links in poorly designed emails, phishing emails mimic legitimate websites and appear more polished and credible. By using URL shortening tools such as TinyURL, scammers make detection of suspicious links difficult for even the most keen-eyed of users. Red flags can include mistakes in hyperlinks, grammar or punctuation.

Smishing is the fraudulent practice of sending text messages claiming to be from reputable companies to induce consumers to reveal their personal information, such as passwords or credit card numbers. Vishing is the same fraudulent practice enacted via phone calls. In both instances, consumers may be sent a voice or text message with transaction details requesting confirmation from the consumer. When they respond, they may be questioned for account details or asked to call back and provide account information. In some instances, they are sent a one-time passcode and instructed to reply "No Fraud" to the message.

Malware

Malicious software is a significant threat to the security of financial data. One such type of malware is a Man-in-the-Browser attack, where malicious software is installed to a consumer's computer in the background when the user is downloading some otherwise innocuous file. The malware is then able to monitor and hijack user web sessions to transfer funds or harvest payment cards and online banking credentials, while redirecting the consumer to a fictitious error page. This type of malware often deploys automatically when a user visits a compromised website.

How Should Consumers Protect Themselves?

Preventing account takeover is a joint effort between your financial institution and yourself. There are steps you should take to ensure you don't end up the victim of identity theft.

• If you are concerned about an automated message, do not respond to the call, text, or email. Contact the company in question via their official customer service number listed on their website. Do not contact any number provided by a suspicious caller or message and do not click on any links.
• Respond quickly if you notice unexplained activity on your accounts or suspect you may have been the victim of a data harvesting scheme. Contact your financial institution immediately to help mitigate your losses.
• Always be aware of what information you choose to submit online and never easily provide access to your personal information.
• Maintain an up-to-date, secure operating system along with robust security and anti-malware software. Rely on multiple layers of protection and security tools.
• Keep your two-factor authentication codes private. Never provide them via phone, text, or email. These should only be used to sign into banking, merchant, or payment accounts when the consumer is actively trying to access it.

We have recently received a number of calls from New Tripoli Bank customers who have been contacted by someone claiming to be from the bank and asking for personal information. These calls show up on the customer's phone with the caller ID saying they are from New Tripoli Bank, but the actual phone number of the caller is not one associated with the bank.

This is a common tactic used by scammers to create a sense of trust in their targets, to make them more likely to give up information. We want to remind our customers that New Tripoli Bank will never request a customer's personal, confidential information (bank card number, account number, social security number, personal identification number, or password) through telephone contact. If you should ever receive a telephone call requesting your personal confidential information that appears to be from New Tripoli Bank, do not respond to the caller and contact us immediately at (610) 298-8811.

You can learn more about how to protect yourself by reading our articles on identity theft and frauds, scams and phishing along with other topics on our security page.

We have received an increasing number of reports in recent weeks of customers falling victim to a type of scam known as a tech support scam. In this type of scam, the victim encounters a pop-up on their computer that looks like a normal notification you would receive from your system or antivirus software, often using logos from trusted companies or websites. The notification warns you about a security issue on your computer and instructs you to either call a phone number for help or to click a link to a spoofed tech support page.

There are a number of things scammers will try to do in these types of scams:

Install malware on your computer. Scammers will pose as tech support in order to convince you to give them remote access to your computer and then pretend to run a diagnostic test. What they are actually doing is installing malware or keyloggers onto your device so they can steal your personal information.

Steal personal information. Scammers create phony websites that look like the real deal to prey on your trust and convince you to enter personal information into their fake site, which then allows them to steal your identity and commit fraud.

Ask for money. A scammer will pose as a tech support representative, pretend to fix whatever issue the pop-up claimed was wrong with your computer, and then charge you for their "service." If someone asks you to purchase gift cards as payment, it is definitely a scammer. Legitimate businesses will never ask for gift cards as payment.

If you receive a pop-up notification on your computer that includes a phone number or asks you to click a link, do not call the number or click the link! Security pop-up warnings from real tech companies will never ask you to call a phone number or click on a link. Legitimate tech companies will also never contact you by phone, email or text message to tell you there's a problem with your computer.

Your best defense against these types of scams is keeping your computer's security software up-to-date. If you think you are being targeted by a tech support scam, do not click on the notification and instead have your security system run a scan of your computer for malware. Should you need any help fixing a problem, go to someone you know and trust. Visit your manufacturer's website directly to find online support or a phone number for their tech support.

What To Do If You Were Scammed

If you gave the scammer remote access to your computer, update your computer's security software, then run a scan and delete anything the scan identifies as an issue.

If you gave login information a tech support scammer, change your passwords right away. Make sure you also change the password on any accounts or sites with the same password. Make sure you use a strong password.

If you paid a tech support scammer with your credit or debit card, contact the credit card company or your bank immediately. Tell them what happened and ask if they can reverse the charges.

If you paid with a gift card, contact the company that issued the gift card right away to see if they can refund your money. Remember: legitimate businesses will not ask for gift cards as payment!

The wave of mail check fraud and mail theft continues to affect communities throughout Lehigh County. In a recent news release, PA state police asked for public assistance to identify a vehicle connected with multiple thefts from residential mailboxes. The latest thefts took place on the 5100 block of Arrowhead Drive in North Whitehall Township, where police report two men in a maroon sedan stole mail from a mailbox. State troopers then responded to a second theft in the 7900 block of Saegersville Road in Heidelberg Township, where men in a maroon sedan were seen stealing mail from a mailbox. Authorities have asked that anyone with information related to these thefts contact state police at Bethlehem at (610) 861-2026.

As always, New Tripoli Bank recommends customers take steps to protect their sensitive financial information from mail theft and mail check fraud:

• Set up online bill pay using our online or mobile banking tools, if you feel comfortable doing so. You can learn more about setting up automated bill pay here.
• If you want to continue mailing checks, we recommend you drop them off at your local Post Office or hand them directly to a USPS employee.

We also advise our customers write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.

If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.

For more information on mail check fraud,  you can watch our Helpful Hints video on the topic!

With the government unveiling its sweeping new student loan forgiveness plan, millions of Americans are going to be looking for a piece of the debt relief package. This is the ideal setting for scammers to swoop in and take advantage of people's eagerness, tricking them into giving up sensitive personal and financial information.

You may be asking yourself "what do I have to do to claim this student loan relief?" You can read the full statement from the White House about the loan forgiveness program here https://studentaid.gov/debt-relief-announcement/

Before you click any email links or enter personal information into unfamiliar websites claiming to be official government pages, here are some tips to keep yourself ahead of the scammers trying to steal your identity.

Subscribe to official email updates from the Department of Education. As part of their announcement of the debt relief plan, the White House has set up a website where you can register to be notified when the loan forgiveness process officially opens. If you are seeking Public Service Loan Forgiveness, visit PLSF.gov to learn more and apply.

Never click on links from unexpected emails. If you haven't signed up for official updates from the Department of Education and you receive an official-looking email regarding student debt relief, don't reply or open any attachments. Before clicking any links, mouse over the link to see if the address pop-up contains a legitimate .gov URL.

Don't email personal and/or financial information. Email systems are not encrypted; therefore, emails should not contain confidential information. If you are asked to visit a website to provide personal or financial information, you should instead visit https://studentaid.gov/ to confirm the loan forgiveness process is officially open; this is the official website of the debt relief program and any application process will be located here.

Don't be fooled by urgent requests. The government will provide a very clear timeline well in advance of any cutoff date for applications. If you receive an email emphasizing the urgency of filling out an application and/or submitting information, this is most likely a scammer trying to take advantage of you.

Ignore anyone asking for money in exchange for debt relief. The government's debt relief program is entirely funded by taxpayers and will not require you to send money to anyone.

If you think you or someone you know have been the target of a scam, you should contact your financial institution as well as contact the FTC.

Scam artists are impersonating the Department of Revenue by sending Pennsylvania business owners fraudulent letters in the mail that direct them to turn over their accounting records. The goal of this ploy is to trick unsuspecting taxpayers into providing sensitive financial information, which the criminals behind the scheme can use for a number of illicit activities that could seriously harm a business' financial standing.  

"This is a prime example of fraudsters impersonating a government agency as they try to convince hardworking Pennsylvanians to turn over sensitive information about their businesses," Revenue Secretary Dan Hassell said. "We are urging Pennsylvania business owners to be on high alert if they receive a suspicious notice that includes the Department of Revenue name and logo. If you have any doubt at all about the legitimacy of a notice from the department, please use the contact information listed on our website, revenue.pa.gov. This is the best way to ensure you are speaking with a legitimate staff member at the Department of Revenue."

Understanding the Scam

The goal of this scam is to make the recipient of the letter believe they are being investigated by the Department of Revenue for an "alleged violation of delinquent sales tax liability." The letter also threatens taxpayers by saying penalties will be imposed on their accounts. Further, the letter includes contact information for a "Resolution Officer" and urges the business owner to provide accounting records prepared by a licensed professional, such as an attorney or CPA.

Providing this information allows the scammers to comb through the accounting records for sensitive information such as bank account numbers and other financial data, which could be used to make unauthorized transactions, request fraudulent tax refunds, and even apply for loans under the name of the business.

Although these counterfeit notices bear the department's name and logo, the notices include suspicious and inaccurate details that can help differentiate between a counterfeit notice sent by a scam artist and a legitimate notice sent by the Department of Revenue. Be on the lookout for notices that make dubious claims or include suspicious details. Here are some tips to keep in mind:

• The counterfeit notice does not include a return address. A notice from the Department of Revenue will always include an official Department of Revenue address as the return address.

• The counterfeit notice addresses the recipient as "Dear Business Owner." When the Department of Revenue attempts to contact a business through a notice in the mail, the notice typically addresses the business owner or business name.

• The counterfeit notice is sent by the "Pennsylvania Department of Revenue Tax Investigation & Enforcement Unit" and claims the business is "under investigation by the Pennsylvania State Revenue and Cash Disbursement Unit." While the department does conduct criminal tax investigations and tax enforcement, the units listed on the counterfeit notice are phony. Reach out to the department directly, as advised below, to determine if the "Unit" named exists.

• The counterfeit notice claims that the business has not registered their "entity with the Pennsylvania Department of State and The Sales and Use Tax Division." If you are an established business in Pennsylvania, it is likely that you already registered your business with the Pennsylvania Department of State and have registered for a sales tax license by completing the Department of Revenue's PA Online Business Entity Registration (PA-100).

Tips to Avoid This Scam

The Department of Revenue is encouraging Pennsylvanians to keep the following tips in mind to safeguard against this scam:

• Ensure You Are Speaking With Legitimate Representatives of the Department: This scam uses the Department of Revenue's name and logo to pose as a government entity. If you have any doubt at all about the legitimacy of a notice from the department, you should reach out to a department representative by using the Online Customer Service CenterOpens In A New Window. This allows the taxpayer to securely submit a question through a process that is very similar to sending an email.

• Examine the Notice: This counterfeit notice used vague language to cast a wide net to lure in as many victims as possible. Examine the notice for identifying information that can be verified. Look for blatant factual errors and other inconsistencies. If the notice is unexpected and demands immediate action, take a moment, and verify its legitimacy.

• Conduct Research Online: Use the information in a potentially counterfeit notice, such as a name, address or telephone number, to conduct a search online. The Department of Revenue's website, revenue.pa.gov, is the best source to verify information contained in a legitimate notice from the department. 

Steps To Follow if You Have a Question

If you are concerned about a potentially fraudulent notice, please visit the department's Verifying contact by the Department of Revenue webpage for verified phone numbers and contact information. This will help you ensure that you are speaking with a legitimate representative of the department.