security Archives | New Tripoli Bank
Log In× Close

There's no such thing as a free lunch, and there's no such thing as a "free" security scan for your computer. You may have been browsing the internet in the past and seen a pop-up or ad for a "free" scan to find malware on your computer. Some of these ads might even have official-looking logos like the Windows logo to make them appear more legitimate. Don't fall for it! These are scammers impersonating well-known companies and using scare tactics to trick you into paying to fix computer problems that may not even exist.

Here's how the scam works: you will receive a pop-up informing you that there are viruses or other malicious software on your computer and will include a link for a free scan. Following the "scan," the scammer will contact you saying that they have identified supposed "serious issues" that require your immediate attention, then urge you purchase software that can "fix" these alleged problems. After you've purchased and installed the software—which can range anywhere from $25 to $60—you are provided with a number to call to "activate" the software. When you call this number, you're greeted by a telemarketer who will try to sell you additional services by claiming the "problems" on your computer are more severe than their software can handle.

There are simple steps you can take to avoid these types of scams:

You can learn more about this and other tech support scams at ftc.gov/techsupportscams.

Mail check fraud continues to be a serious problem facing consumers and banks and combatting this epidemic of fraud is a top priority for the security team here at New Tripoli Bank. This type of fraud occurs when someone steals uncashed checks, either from personal or Post Office mail boxes (i.e. the blue mailboxes), then "washes" the checks and alters them to cash out themselves or sells uncashed checks online. This leaves the person who wrote the check paying someone who is not the intended recipient.

New Tripoli Bank has put together a helpful infographic to help our customers who have been targeted by mail check fraud, which you can view here: https://www.newtripolibank.net/wp-content/uploads/2024/04/1709237178-AlteredChecksHandout.pdf 

What should you do when you fall victim to this type of fraud? Don’t beat yourself up! Anyone can fall victim to fraud and you shouldn’t feel stupid for being targeted by criminals. New Tripoli Bank is ready to help ensure your money and identity are kept safe from scammers.

  1. Contact your bank and alert them that your personal financial information has been stolen.
  2. Create a list of outstanding checks or any regular incoming or outgoing payments. You will need this information when you open a new account.
  3. Visit your bank to close old accounts. New Tripoli Bank customer service representatives are trained to help customers close accounts that have been targeted by fraud and open new ones.
  4. File a police report with your local police department.
  5. Go to USPS.com to report stolen mail to the United States Postal Service or contact the U.S. Postal Inspector’s Office by calling 1-877-876-2455.

Where can I file complaints?

CFPB Logo

Consumer Financial Protection Bureau (CFPB)

Complaints can be filed with the CFPB at www.consumerfinance.gov/complaint/

The CFPB hears complaints about deposit accounts, credit cards, debt collection, and more.

You will be asked for dates, dollar amounts, and communications relevant to your complaint. You are allowed to attach documentation to prove your case.

FRB Logo

Federal Reserve Board (FRB)

Complaints about financial institutions can be filed with the FRB at https://forms.federalreserveconsumerhelp.gov/secure/complaint/formComplaintIntro.html

You will be asked for identifying information, information on the financial institution you are reporting, and an explanation of how you feel your issue can be resolved.

FTC Logo

Federal Trade Commission (FTC)

You can report scams to the FTC at https://reportfraud.ftc.gov/

You will be asked to provide information including how much money the scammer was paid, how the money was sent, the dates when money was sent, and how you were contacted.

We have recently been alerted to a new scam affecting consumers in our area that is a spin on classic phone phishing tactics. Here's the way the scam works:

You are contacted by someone posing as an employee of your financial institution or some other business with whom you have an account. The caller claims that your account has been hacked and asks you to type a series of numbers into the phone during the call. After entering the numbers, the call ends and you are suddenly unable to use your phone!

The way this works is the scammer will ask you to input the code *72 and a 10-digit phone number. When you input this into your phone and hit call, it automatically forwards all future calls to the 10-digit phone number you input after the *72. With your phone forwarding calls, the scammer is now free to commit fraud using your phone number and any attempts to contact you will be automatically rerouted to the scammer, allowing them to use your phone and identity for verification.

Here are steps you can take if you think you have been the victim of this scam:

The newest scam involving malicious apps is a doozy. A cybercriminal will contact you impersonating a law enforcement officer, claiming that your bank account may be involved in financial fraud. They then ask you to download a mobile app to help them investigate further. Once you download the app, the cybercriminal walks you through several steps that set this scam in motion.

First, they give you a case number and ask you to search for that number in the app. When you search for the number, you'll find official-looking documents with your name on them. These are fake legal documents intended to make this interaction feel more legitimate. Once they have your guard down, the app will ask you to select your bank from a list and enter your account number and other personal information.

However, the most clever part of this scam is what the app is doing in the background. When you first install the app, it accesses your device's setting to block all incoming calls and text messages. By doing this, your bank will be unable to contact you about unusual behavior on your account. This gives the cybercriminals plenty of time to steal your money and sensitive information before you know what happened.

No matter how sophisticated these scammers become, you can stay safe from scams like this by following these simple tips:

Only download apps from trusted publishers. Anyone can publish an app on official app stores or sites, including cybercriminals.

Be cautious of scare tactics intended to prey on your emotions. Cybercriminals want to catch you off guard and trick you into revealing sensitive information.

If you're contacted by someone claiming to be in a position of authority, like law enforcement, ask for confirmation of their identity. Real officials will understand your concerns and can provide information without requiring you to download an app.

What is an Account Takeover?

Account takeover is an attack in which cybercriminals seize ownership of online accounts by using stolen passwords and usernames, then use these credentials to commit fraud. They purchase personal information via the dark web—information collected through social engineering or data breaches. This information provides the necessary credentials for a fraudster to pose as a consumer. With this information, scammers can trick a consumer's financial institution to make changes to their accounts or card settings. They may change phone numbers, emails, or passcodes, apply for increased limits, or change the account holder's PIN and/or travel exemptions to interfere with the institution's fraud-monitoring tools.

Schemes that Contribute to Account Takeovers

Skimming & Malware

Deployment of card skimmers or malware to point-of-sale terminals continues to be a widespread method for stealing data. Compared to years past, small local businesses are more likely to compromised and have their data harvested. Stolen data is then passed through remote, wireless technologies with increasing frequency. 

Phishing, Vishing & Smishing

Phishing, Vishing, and Smishing are methods of data theft that involve tricking consumers into revealing confidential information. These schemes use social engineering combined with modern technology to deceive consumers into revealing critical information while disregarding legitimate fraud warnings.

Phishing schemes are becoming both more frequent, more targeted (called "spear-phishing"), and more difficult to identify than in the past. They utilize email to trick consumers into revealing personal information such as passwords or credit card numbers. Rather than relying on suspicious links in poorly designed emails, phishing emails mimic legitimate websites and appear more polished and credible. By using URL shortening tools such as TinyURL, scammers make detection of suspicious links difficult for even the most keen-eyed of users. Red flags can include mistakes in hyperlinks, grammar or punctuation.

Smishing is the fraudulent practice of sending text messages claiming to be from reputable companies to induce consumers to reveal their personal information, such as passwords or credit card numbers. Vishing is the same fraudulent practice enacted via phone calls. In both instances, consumers may be sent a voice or text message with transaction details requesting confirmation from the consumer. When they respond, they may be questioned for account details or asked to call back and provide account information. In some instances, they are sent a one-time passcode and instructed to reply "No Fraud" to the message.

Malware

Malicious software is a significant threat to the security of financial data. One such type of malware is a Man-in-the-Browser attack, where malicious software is installed to a consumer's computer in the background when the user is downloading some otherwise innocuous file. The malware is then able to monitor and hijack user web sessions to transfer funds or harvest payment cards and online banking credentials, while redirecting the consumer to a fictitious error page. This type of malware often deploys automatically when a user visits a compromised website.

How Should Consumers Protect Themselves?

Preventing account takeover is a joint effort between your financial institution and yourself. There are steps you should take to ensure you don't end up the victim of identity theft.

We have recently received a number of calls from New Tripoli Bank customers who have been contacted by someone claiming to be from the bank and asking for personal information. These calls show up on the customer's phone with the caller ID saying they are from New Tripoli Bank, but the actual phone number of the caller is not one associated with the bank.

This is a common tactic used by scammers to create a sense of trust in their targets, to make them more likely to give up information. We want to remind our customers that New Tripoli Bank will never request a customer's personal, confidential information (bank card number, account number, social security number, personal identification number, or password) through telephone contact. If you should ever receive a telephone call requesting your personal confidential information that appears to be from New Tripoli Bank, do not respond to the caller and contact us immediately at (610) 298-8811.

You can learn more about how to protect yourself by reading our articles on identity theft and frauds, scams and phishing along with other topics on our security page.

Pop Up Scam

We have received an increasing number of reports in recent weeks of customers falling victim to a type of scam known as a tech support scam. In this type of scam, the victim encounters a pop-up on their computer that looks like a normal notification you would receive from your system or antivirus software, often using logos from trusted companies or websites. The notification warns you about a security issue on your computer and instructs you to either call a phone number for help or to click a link to a spoofed tech support page.

There are a number of things scammers will try to do in these types of scams:

Install malware on your computer. Scammers will pose as tech support in order to convince you to give them remote access to your computer and then pretend to run a diagnostic test. What they are actually doing is installing malware or keyloggers onto your device so they can steal your personal information.

Steal personal information. Scammers create phony websites that look like the real deal to prey on your trust and convince you to enter personal information into their fake site, which then allows them to steal your identity and commit fraud.

Ask for money. A scammer will pose as a tech support representative, pretend to fix whatever issue the pop-up claimed was wrong with your computer, and then charge you for their "service." If someone asks you to purchase gift cards as payment, it is definitely a scammer. Legitimate businesses will never ask for gift cards as payment.

If you receive a pop-up notification on your computer that includes a phone number or asks you to click a link, do not call the number or click the link! Security pop-up warnings from real tech companies will never ask you to call a phone number or click on a link. Legitimate tech companies will also never contact you by phone, email or text message to tell you there's a problem with your computer.

Your best defense against these types of scams is keeping your computer's security software up-to-date. If you think you are being targeted by a tech support scam, do not click on the notification and instead have your security system run a scan of your computer for malware. Should you need any help fixing a problem, go to someone you know and trust. Visit your manufacturer's website directly to find online support or a phone number for their tech support.

Tech Support Scams

What To Do If You Were Scammed

If you gave the scammer remote access to your computer, update your computer's security software, then run a scan and delete anything the scan identifies as an issue.

If you gave login information a tech support scammer, change your passwords right away. Make sure you also change the password on any accounts or sites with the same password. Make sure you use a strong password.

If you paid a tech support scammer with your credit or debit card, contact the credit card company or your bank immediately. Tell them what happened and ask if they can reverse the charges.

If you paid with a gift card, contact the company that issued the gift card right away to see if they can refund your money. Remember: legitimate businesses will not ask for gift cards as payment!

Suspicious Car

The wave of mail check fraud and mail theft continues to affect communities throughout Lehigh County. In a recent news release, PA state police asked for public assistance to identify a vehicle connected with multiple thefts from residential mailboxes. The latest thefts took place on the 5100 block of Arrowhead Drive in North Whitehall Township, where police report two men in a maroon sedan stole mail from a mailbox. State troopers then responded to a second theft in the 7900 block of Saegersville Road in Heidelberg Township, where men in a maroon sedan were seen stealing mail from a mailbox. Authorities have asked that anyone with information related to these thefts contact state police at Bethlehem at (610) 861-2026.

As always, New Tripoli Bank recommends customers take steps to protect their sensitive financial information from mail theft and mail check fraud:

We also advise our customers write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.

If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.

For more information on mail check fraud,  you can watch our Helpful Hints video on the topic!

Helpful Hints Mail Check Fraud

With the government unveiling its sweeping new student loan forgiveness plan, millions of Americans are going to be looking for a piece of the debt relief package. This is the ideal setting for scammers to swoop in and take advantage of people's eagerness, tricking them into giving up sensitive personal and financial information.

You may be asking yourself "what do I have to do to claim this student loan relief?" You can read the full statement from the White House about the loan forgiveness program here https://studentaid.gov/debt-relief-announcement/

Before you click any email links or enter personal information into unfamiliar websites claiming to be official government pages, here are some tips to keep yourself ahead of the scammers trying to steal your identity.

Subscribe to official email updates from the Department of Education. As part of their announcement of the debt relief plan, the White House has set up a website where you can register to be notified when the loan forgiveness process officially opens. If you are seeking Public Service Loan Forgiveness, visit PLSF.gov to learn more and apply.

Never click on links from unexpected emails. If you haven't signed up for official updates from the Department of Education and you receive an official-looking email regarding student debt relief, don't reply or open any attachments. Before clicking any links, mouse over the link to see if the address pop-up contains a legitimate .gov URL.

Don't email personal and/or financial information. Email systems are not encrypted; therefore, emails should not contain confidential information. If you are asked to visit a website to provide personal or financial information, you should instead visit https://studentaid.gov/ to confirm the loan forgiveness process is officially open; this is the official website of the debt relief program and any application process will be located here.

Don't be fooled by urgent requests. The government will provide a very clear timeline well in advance of any cutoff date for applications. If you receive an email emphasizing the urgency of filling out an application and/or submitting information, this is most likely a scammer trying to take advantage of you.

Ignore anyone asking for money in exchange for debt relief. The government's debt relief program is entirely funded by taxpayers and will not require you to send money to anyone.

If you think you or someone you know have been the target of a scam, you should contact your financial institution as well as contact the FTC.

Scam Letter

Scam artists are impersonating the Department of Revenue by sending Pennsylvania business owners fraudulent letters in the mail that direct them to turn over their accounting records. The goal of this ploy is to trick unsuspecting taxpayers into providing sensitive financial information, which the criminals behind the scheme can use for a number of illicit activities that could seriously harm a business' financial standing.  

"This is a prime example of fraudsters impersonating a government agency as they try to convince hardworking Pennsylvanians to turn over sensitive information about their businesses," Revenue Secretary Dan Hassell said. "We are urging Pennsylvania business owners to be on high alert if they receive a suspicious notice that includes the Department of Revenue name and logo. If you have any doubt at all about the legitimacy of a notice from the department, please use the contact information listed on our website, revenue.pa.gov. This is the best way to ensure you are speaking with a legitimate staff member at the Department of Revenue."

Understanding the Scam

The goal of this scam is to make the recipient of the letter believe they are being investigated by the Department of Revenue for an "alleged violation of delinquent sales tax liability." The letter also threatens taxpayers by saying penalties will be imposed on their accounts. Further, the letter includes contact information for a "Resolution Officer" and urges the business owner to provide accounting records prepared by a licensed professional, such as an attorney or CPA.

Providing this information allows the scammers to comb through the accounting records for sensitive information such as bank account numbers and other financial data, which could be used to make unauthorized transactions, request fraudulent tax refunds, and even apply for loans under the name of the business.

Although these counterfeit notices bear the department's name and logo, the notices include suspicious and inaccurate details that can help differentiate between a counterfeit notice sent by a scam artist and a legitimate notice sent by the Department of Revenue. Be on the lookout for notices that make dubious claims or include suspicious details. Here are some tips to keep in mind:

Tips to Avoid This Scam

The Department of Revenue is encouraging Pennsylvanians to keep the following tips in mind to safeguard against this scam:

Steps To Follow if You Have a Question

If you are concerned about a potentially fraudulent notice, please visit the department's Verifying contact by the Department of Revenue webpage for verified phone numbers and contact information. This will help you ensure that you are speaking with a legitimate representative of the department.

Next Page »