Tax Day is fast approaching and with it, scammers are crawling out of the woodwork to cheat honest taxpayers out of their money.

Remember the old adage: "If it sounds too good to be true, it probably is!" Steer clear of anyone offering a way to "cheat" the tax system to get rich quick or avoid your obligation as a citizen of the United States to file your tax return and pay any outstanding taxes. Some of these schemes can literally cost you your life savings, while others can result in prosecution or imprisonment if you knowingly participate in them.

Abusive Return Preparer

Be very careful when selecting a business to help prepare your taxes. While there are plenty of reputable tax professionals that offer excellent service for their clients, there will inevitably be a few bad eggs who file false or fraudulent tax returns in order to defraud their clients.

Even if someone else prepares your return, the final responsibility for the accuracy of your tax return ultimately falls upon you. Check the credentials of your tax professional before relying on them to prepare you returns. Some red flags to watch out for include:

• A preparer asks for cash-only payment without providing a receipt.
• They claim fake deductions to inflate the size of your refund.
• The preparer invents false income in order to get their client more tax credits.
• They prepare your tax return but refuse to sign or include their IRS Preparer Tax Identification Number.
• Your refund is directed into their bank account rather than yours.

Abusive Tax Schemes

Anyone who browses social media for any amount of time will encounter people claiming they know a "cheat" or "workaround" that consumers can use to avoid paying taxes or to obtain a tax benefit. These schemes can take many forms, including:

• Offshore Tax Havens - Fraudsters create shell companies or trusts in these "tax havens" to hide income and assets offshore. These can also take the form of bank accounts in offshore tax havens, or money invested into digital assets such as cryptocurrency.
• Loan Schemes - Directors receive their income in the form of loans without any intention of ever repaying the loan, in order to avoid payroll taxes.
• Ponzi Schemes - Many Ponzi schemes claim the returns they generate are tax-free or that any losses you incur as part of a Ponzi scheme can offset your tax burden.
• Phantom Trusts - These are trusts set up for the sole purpose of claiming fraudulent deductions on tax returns in order to avoid paying taxes.
• Abusive Retirement Plans - These look like normal retirement plans but do not comply with tax laws, leading filers to claim improper deductions.

Non-Filer Enforcement

You may have come across a social media post or video featuring someone arguing that taxes are voluntary or illegal. They quote some part of the U.S. Constitution or U.S. Case Law to argue their point in order to bolster their argument.

Remember: you are (probably) not an attorney specializing in tax law, and this person making these claims most likely isn't either. Courts have repeatedly rejected these arguments as frivolous and routinely impose financial penalties for raising these arguments. Taxes are a mandatory part of living and working in the United States.

To help the public recognize and avoid abusive tax schemes, the IRS offers an materials for consumers to educate themselves. Familiarize yourself with the basics and report any suspicious activity to the IRS. You can learn more here: https://www.irs.gov/help/tax-scams/report-a-tax-scam-or-fraud

The holiday season is a time for thankfulness, togetherness, joy, and cheer. It's also the time of year when consumers need to be most vigilant of fraud, scams, and cyber-attacks! Stay on guard this holiday season so one of these common scams doesn't ruin your holiday plans.

This Season's Hot New Scams

Scammers are always looking for new ways to defraud people of their money and personal information. Whether it's modern technology or increased awareness of older scams, swindlers' methods are constantly evolving and adapting. Here are just a few of the newer scams we've seen in recent years:

Social Media Scams. As you scroll through the endless feed of content on your social media platform of choice, you'll come across hundreds of links that will take you off the platform to other websites. You need to be careful when clicking an external link on social media: it could be directing you to a scam website or even worse sending you to a site that will download malware onto your computer.

Before you click a link to an interesting news article or a remarkable offer on some product you were considering purchasing, take the time to instead search for that news story on a reputable news website or find that product on a trusted retailer's webpage.

Look-Alike Websites. Scammers are getting better at spoofing existing websites with the intent of capturing your account information or downloading malware onto your computer. Always double-check the URL of any website you visit. Scammers can create sites with URLs that look remarkably similar to those of legitimate sites. Make sure you're on Amazon.com, not Arnazon.com!

Fake Travel Booking Sites. Nothing ruins a holiday vacation like reserving your trip on a fake booking site. Scammers take advantage of common phrases and keywords to have their fake booking sites appear in search results for consumers looking for deals on popular travel destinations or through pop-up ads on vacation and travel blogs. When providing personal and financial information via the internet, always make sure you're on a legitimate business' website.

Compromised Account Alerts. You receive a surprise message on your phone claiming that your account has been compromised and instructing you to click a link to resolve the issue. You’ll feel the urge to click the link as soon as possible in case your information may be at risk—and that's when they get you! Scammers often use panic to stop you from thinking rationally in the moment, long enough to get you to surrender account information.

Financial institutions (New Tripoli Bank included) will never ask you to provide account information over the phone or via a link in a text message. When in doubt, you can contact whatever business the text message is claiming to represent in order to see if the alert is legitimate.

New Wrapping Paper, Same Old Scams

Not all scammers are reinventing the wheel this holiday season. In addition to the aforementioned schemes, many con artists fall back on classic scams updated with a new coat of paint, taking advantage of advances in communications technology to further obfuscate their true intentions from unsuspecting victims. Here's a refresher on some of the most common scams you'll encounter:

Gift Card Scams. Who doesn't love gift cards? I'll tell you who—government agencies, legitimate businesses, and financial institutions. If you receive a message from someone claiming to be from the government or some business to whom you owe money and they start asking for gift cards, this is an immediate red flag! Once your money has been put onto a gift card, it's impossible to recover in the event of a scam. That's why scammers love asking for payment in the form of gift cards.

Charity Scams. 'tis the season of giving, but unscrupulous scammers see the opportunity to take advantage of others' kindness in order to trick them out of their money. One common scam is being contacted by a fake charity thanking you for a donation you never made and then rushing you into providing payment. These fake charity scammers also rarely mention how they plan to use your donations to help those in need—since your money will never make it to them!

Always research any charity you intend to donate to, and never send donations in the form of gift cards, wire transfers, or cryptocurrency; all of these methods are hard to trace and impossible to recover your money from.

Package Delivery Scams. While these scams happen throughout the year, they are especially pernicious during the holidays when it is more likely consumers are on the lookout for updates on their package shipments. You'll receive a call or text from someone posing as the US Postal Service or other delivery service that will include a fake tracking link. The link will take you to a site requesting personal information, or it will download malware onto your device.

Fake Gift Exchanges. A variant of the old "pay in advance" scam, this scam asks you to join an online gift exchange, where you buy a $10 gift for a stranger with the promise of receiving many gifts from other participants in the future. Some of these function as pyramid schemes, asking you to contact additional participants in order to keep the grift going. Just use common sense when someone you don't know is asking you for money and respectfully decline.

Emergency Scams. One of the most common methods scammers use to get you to fall for their swindle is to create a sense of urgency or panic in order to keep you from taking the time to think about what they're asking you to do. One of the best ways to create this sense of urgency is to pretend to be a friend or family member in an emergency, such as a car accident or police arrest. These scammers will ask you to send them money in order to resolve their fake emergency, then disappear with your money. Oftentimes, these scammers will browse your social media in order to learn enough about your personal life in order to pretend to be a friend or family member.

Before you send any money, you should verify the person's story with another friend or family member. Ask questions of the caller that would be difficult for an impostor to answer correctly. Also, if they ask you to send them gift cards or wire money—that is an immediate red flag that this is a scam!

Puppy Scams. Pets can make great gifts but come with a lot of caveats. Fake pet sellers are a common issue for online marketplaces such as Facebook marketplace, where scammers post stock photos of animals looking for people who want to buy a pet, take their payment, and never deliver a furry friend. If you're thinking of gifting someone a pet for the holidays, you can take steps to make your transaction safer, such as asking questions of the seller, requesting to meet them in person, and requiring documentation.

What You Can Do

• If you feel that someone is trying to scam you, don't respond! Delete the email, hang up the phone, or trash the text message and block the email address or phone number that sent it.
• If you provide a scammer with personal or financial information before you realize you're being scammed (account numbers, date of birth, online banking username, passwords, etc.), contact your financial institution or other affected businesses immediately.
• Update your login credentials for any affected accounts as soon as possible. Enable multi-factor authentication on any site that offers it.

There's no such thing as a free lunch, and there's no such thing as a "free" security scan for your computer. You may have been browsing the internet in the past and seen a pop-up or ad for a "free" scan to find malware on your computer. Some of these ads might even have official-looking logos like the Windows logo to make them appear more legitimate. Don't fall for it! These are scammers impersonating well-known companies and using scare tactics to trick you into paying to fix computer problems that may not even exist.

Here's how the scam works: you will receive a pop-up informing you that there are viruses or other malicious software on your computer and will include a link for a free scan. Following the "scan," the scammer will contact you saying that they have identified supposed "serious issues" that require your immediate attention, then urge you purchase software that can "fix" these alleged problems. After you've purchased and installed the software—which can range anywhere from $25 to $60—you are provided with a number to call to "activate" the software. When you call this number, you're greeted by a telemarketer who will try to sell you additional services by claiming the "problems" on your computer are more severe than their software can handle.

There are simple steps you can take to avoid these types of scams:

• Don't click on links in pop-ups or other ads you encounter on the internet. If you see a product or service that interests you, search for it via Google or other search engine to find out if it is legitimate.
• Your computer can't be scanned by pop-up ads. If an ad on a website says its found problems on your computer, this is an obvious scam. Do not click the link, even if it has a logo you recognize like a Windows or Microsoft logo!
• Know that legitimate tech companies won't contact you by phone, email or text message to tell you there's a problem with your computer.
• Take the time to research anyone pressuring you into buying a product or service online.

You can learn more about this and other tech support scams at ftc.gov/techsupportscams.

Mail check fraud continues to be a serious problem facing consumers and banks and combatting this epidemic of fraud is a top priority for the security team here at New Tripoli Bank. This type of fraud occurs when someone steals uncashed checks, either from personal or Post Office mail boxes (i.e. the blue mailboxes), then "washes" the checks and alters them to cash out themselves or sells uncashed checks online. This leaves the person who wrote the check paying someone who is not the intended recipient.

New Tripoli Bank has put together a helpful infographic to help our customers who have been targeted by mail check fraud, which you can view here: https://www.newtripolibank.net/wp-content/uploads/2024/04/1709237178-AlteredChecksHandout.pdf 

What should you do when you fall victim to this type of fraud? Don’t beat yourself up! Anyone can fall victim to fraud and you shouldn’t feel stupid for being targeted by criminals. New Tripoli Bank is ready to help ensure your money and identity are kept safe from scammers.

1. Contact your bank and alert them that your personal financial information has been stolen.
2. Create a list of outstanding checks or any regular incoming or outgoing payments. You will need this information when you open a new account.
3. Visit your bank to close old accounts. New Tripoli Bank customer service representatives are trained to help customers close accounts that have been targeted by fraud and open new ones.
4. File a police report with your local police department.
5. Go to USPS.com to report stolen mail to the United States Postal Service or contact the U.S. Postal Inspector’s Office by calling 1-877-876-2455.

Where can I file complaints?

Consumer Financial Protection Bureau (CFPB)

Complaints can be filed with the CFPB at www.consumerfinance.gov/complaint/

The CFPB hears complaints about deposit accounts, credit cards, debt collection, and more.

You will be asked for dates, dollar amounts, and communications relevant to your complaint. You are allowed to attach documentation to prove your case.

Federal Reserve Board (FRB)

Complaints about financial institutions can be filed with the FRB at https://forms.federalreserveconsumerhelp.gov/secure/complaint/formComplaintIntro.html

You will be asked for identifying information, information on the financial institution you are reporting, and an explanation of how you feel your issue can be resolved.

Federal Trade Commission (FTC)

You can report scams to the FTC at https://reportfraud.ftc.gov/

You will be asked to provide information including how much money the scammer was paid, how the money was sent, the dates when money was sent, and how you were contacted.

We have recently been alerted to a new scam affecting consumers in our area that is a spin on classic phone phishing tactics. Here's the way the scam works:

You are contacted by someone posing as an employee of your financial institution or some other business with whom you have an account. The caller claims that your account has been hacked and asks you to type a series of numbers into the phone during the call. After entering the numbers, the call ends and you are suddenly unable to use your phone!

The way this works is the scammer will ask you to input the code *72 and a 10-digit phone number. When you input this into your phone and hit call, it automatically forwards all future calls to the 10-digit phone number you input after the *72. With your phone forwarding calls, the scammer is now free to commit fraud using your phone number and any attempts to contact you will be automatically rerouted to the scammer, allowing them to use your phone and identity for verification.

Here are steps you can take if you think you have been the victim of this scam:

• Dial *73 on your phone. This ends call forwarding to the other number.
• Check your accounts right away to ensure there has not been any fraud committed using your phone number. If you discover fraud, contact the business associated with any affected accounts to alert them to the situation.
• Whenever you receive a call from someone claiming to be from a specific bank or business and you are unsure whether the call is legitimate, end the call and contact the business directly using a known, publicly available number.

The newest scam involving malicious apps is a doozy. A cybercriminal will contact you impersonating a law enforcement officer, claiming that your bank account may be involved in financial fraud. They then ask you to download a mobile app to help them investigate further. Once you download the app, the cybercriminal walks you through several steps that set this scam in motion.

First, they give you a case number and ask you to search for that number in the app. When you search for the number, you'll find official-looking documents with your name on them. These are fake legal documents intended to make this interaction feel more legitimate. Once they have your guard down, the app will ask you to select your bank from a list and enter your account number and other personal information.

However, the most clever part of this scam is what the app is doing in the background. When you first install the app, it accesses your device's setting to block all incoming calls and text messages. By doing this, your bank will be unable to contact you about unusual behavior on your account. This gives the cybercriminals plenty of time to steal your money and sensitive information before you know what happened.

No matter how sophisticated these scammers become, you can stay safe from scams like this by following these simple tips:

Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites, including cybercriminals.

Be cautious of scare tactics intended to prey on your emotions. Cybercriminals want to catch you off guard and trick you into revealing sensitive information.

If you're contacted by someone claiming to be in a position of authority, like law enforcement, ask for confirmation of their identity. Real officials will understand your concerns and can provide information without requiring you to download an app.

What is an Account Takeover?

Account takeover is an attack in which cybercriminals seize ownership of online accounts by using stolen passwords and usernames, then use these credentials to commit fraud. They purchase personal information via the dark web—information collected through social engineering or data breaches. This information provides the necessary credentials for a fraudster to pose as a consumer. With this information, scammers can trick a consumer's financial institution to make changes to their accounts or card settings. They may change phone numbers, emails, or passcodes, apply for increased limits, or change the account holder's PIN and/or travel exemptions to interfere with the institution's fraud-monitoring tools.

Schemes that Contribute to Account Takeovers

Skimming & Malware

Deployment of card skimmers or malware to point-of-sale terminals continues to be a widespread method for stealing data. Compared to years past, small local businesses are more likely to compromised and have their data harvested. Stolen data is then passed through remote, wireless technologies with increasing frequency. 

Phishing, Vishing & Smishing

Phishing, Vishing, and Smishing are methods of data theft that involve tricking consumers into revealing confidential information. These schemes use social engineering combined with modern technology to deceive consumers into revealing critical information while disregarding legitimate fraud warnings.

Phishing schemes are becoming both more frequent, more targeted (called "spear-phishing"), and more difficult to identify than in the past. They utilize email to trick consumers into revealing personal information such as passwords or credit card numbers. Rather than relying on suspicious links in poorly designed emails, phishing emails mimic legitimate websites and appear more polished and credible. By using URL shortening tools such as TinyURL, scammers make detection of suspicious links difficult for even the most keen-eyed of users. Red flags can include mistakes in hyperlinks, grammar or punctuation.

Smishing is the fraudulent practice of sending text messages claiming to be from reputable companies to induce consumers to reveal their personal information, such as passwords or credit card numbers. Vishing is the same fraudulent practice enacted via phone calls. In both instances, consumers may be sent a voice or text message with transaction details requesting confirmation from the consumer. When they respond, they may be questioned for account details or asked to call back and provide account information. In some instances, they are sent a one-time passcode and instructed to reply "No Fraud" to the message.

Malware

Malicious software is a significant threat to the security of financial data. One such type of malware is a Man-in-the-Browser attack, where malicious software is installed to a consumer's computer in the background when the user is downloading some otherwise innocuous file. The malware is then able to monitor and hijack user web sessions to transfer funds or harvest payment cards and online banking credentials, while redirecting the consumer to a fictitious error page. This type of malware often deploys automatically when a user visits a compromised website.

How Should Consumers Protect Themselves?

Preventing account takeover is a joint effort between your financial institution and yourself. There are steps you should take to ensure you don't end up the victim of identity theft.

• If you are concerned about an automated message, do not respond to the call, text, or email. Contact the company in question via their official customer service number listed on their website. Do not contact any number provided by a suspicious caller or message and do not click on any links.
• Respond quickly if you notice unexplained activity on your accounts or suspect you may have been the victim of a data harvesting scheme. Contact your financial institution immediately to help mitigate your losses.
• Always be aware of what information you choose to submit online and never easily provide access to your personal information.
• Maintain an up-to-date, secure operating system along with robust security and anti-malware software. Rely on multiple layers of protection and security tools.
• Keep your two-factor authentication codes private. Never provide them via phone, text, or email. These should only be used to sign into banking, merchant, or payment accounts when the consumer is actively trying to access it.

We have recently received a number of calls from New Tripoli Bank customers who have been contacted by someone claiming to be from the bank and asking for personal information. These calls show up on the customer's phone with the caller ID saying they are from New Tripoli Bank, but the actual phone number of the caller is not one associated with the bank.

This is a common tactic used by scammers to create a sense of trust in their targets, to make them more likely to give up information. We want to remind our customers that New Tripoli Bank will never request a customer's personal, confidential information (bank card number, account number, social security number, personal identification number, or password) through telephone contact. If you should ever receive a telephone call requesting your personal confidential information that appears to be from New Tripoli Bank, do not respond to the caller and contact us immediately at (610) 298-8811.

You can learn more about how to protect yourself by reading our articles on identity theft and frauds, scams and phishing along with other topics on our security page.

We have received an increasing number of reports in recent weeks of customers falling victim to a type of scam known as a tech support scam. In this type of scam, the victim encounters a pop-up on their computer that looks like a normal notification you would receive from your system or antivirus software, often using logos from trusted companies or websites. The notification warns you about a security issue on your computer and instructs you to either call a phone number for help or to click a link to a spoofed tech support page.

There are a number of things scammers will try to do in these types of scams:

Install malware on your computer. Scammers will pose as tech support in order to convince you to give them remote access to your computer and then pretend to run a diagnostic test. What they are actually doing is installing malware or keyloggers onto your device so they can steal your personal information.

Steal personal information. Scammers create phony websites that look like the real deal to prey on your trust and convince you to enter personal information into their fake site, which then allows them to steal your identity and commit fraud.

Ask for money. A scammer will pose as a tech support representative, pretend to fix whatever issue the pop-up claimed was wrong with your computer, and then charge you for their "service." If someone asks you to purchase gift cards as payment, it is definitely a scammer. Legitimate businesses will never ask for gift cards as payment.

If you receive a pop-up notification on your computer that includes a phone number or asks you to click a link, do not call the number or click the link! Security pop-up warnings from real tech companies will never ask you to call a phone number or click on a link. Legitimate tech companies will also never contact you by phone, email or text message to tell you there's a problem with your computer.

Your best defense against these types of scams is keeping your computer's security software up-to-date. If you think you are being targeted by a tech support scam, do not click on the notification and instead have your security system run a scan of your computer for malware. Should you need any help fixing a problem, go to someone you know and trust. Visit your manufacturer's website directly to find online support or a phone number for their tech support.

What To Do If You Were Scammed

If you gave the scammer remote access to your computer, update your computer's security software, then run a scan and delete anything the scan identifies as an issue.

If you gave login information a tech support scammer, change your passwords right away. Make sure you also change the password on any accounts or sites with the same password. Make sure you use a strong password.

If you paid a tech support scammer with your credit or debit card, contact the credit card company or your bank immediately. Tell them what happened and ask if they can reverse the charges.

If you paid with a gift card, contact the company that issued the gift card right away to see if they can refund your money. Remember: legitimate businesses will not ask for gift cards as payment!

The wave of mail check fraud and mail theft continues to affect communities throughout Lehigh County. In a recent news release, PA state police asked for public assistance to identify a vehicle connected with multiple thefts from residential mailboxes. The latest thefts took place on the 5100 block of Arrowhead Drive in North Whitehall Township, where police report two men in a maroon sedan stole mail from a mailbox. State troopers then responded to a second theft in the 7900 block of Saegersville Road in Heidelberg Township, where men in a maroon sedan were seen stealing mail from a mailbox. Authorities have asked that anyone with information related to these thefts contact state police at Bethlehem at (610) 861-2026.

As always, New Tripoli Bank recommends customers take steps to protect their sensitive financial information from mail theft and mail check fraud:

• Set up online bill pay using our online or mobile banking tools, if you feel comfortable doing so. You can learn more about setting up automated bill pay here.
• If you want to continue mailing checks, we recommend you drop them off at your local Post Office or hand them directly to a USPS employee.

We also advise our customers write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.

If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.

For more information on mail check fraud,  you can watch our Helpful Hints video on the topic!