The Internal Revenue Service is urging taxpayers to be on the lookout for a surge of calls and email phishing attempts about the Coronavirus or COVID-19. These contacts can lead to tax-related fraud and identity theft.

Remember: the IRS will not call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster. This also applies to surprise emails that appear to be coming from the IRS. Don't open any links or attachments in emails that say they are from the IRS. Instead, you should go to IRS.gov for the most up-to-date information.

Be cautious not only of emails but also text messages, websites and social media messages requesting money or personal information. Criminals take every opportunity to perpetrate a fraud on unsuspecting victims, especially when a group of people is in a state of need or especially vulnerable. The IRS Criminal Investigation Division is working hard to find these scammers and shut them down, but in the meantime it’s important to remain vigilant."

Don't Fall Prey to Coronavirus Scams

The IRS and its Criminal Investigation Division have seen a wave of new and evolving phishing schemes against taxpayers. In a majority of cases, the IRS will deposit economic impact payments into the direct deposit account taxpayers previously provided on tax returns. If you have previously filed but not provided direct deposit information to the IRS, you will soon be able to provide your banking information online to a newly-designed secure portal on IRS.gov in mid-April 2020. If the IRS does not have your direct deposit information, a check will be mailed to the address on file.

The IRS will not be reaching out to you via email, text, or other means of messaging to get this information – if you receive any communications asking you for personal or financial information, do not respond! In addition, you should not trust someone else with your direct deposit or other banking information, so that they may input it into the secure portal on your behalf.

Retirees Among Potential Targets

We want to remind retirees who don't normally have to file tax returns: for retirees, no action is required to receive their $1,200 economic impact payment. Seniors should be especially careful during this period. The IRS reminds retirees – including recipients of Forms SSA-1099 and RRB-1099 − that no one from the agency will be reaching out to you by phone, email, mail or in person asking for any kind of information to complete their economic impact payment. The IRS is sending these $1,200 payments automatically to retirees – no additional action or information is needed on their part to receive this.

It is also important to remember that these payments are called economic impact payments – fraudsters will sometimes refer to them as rebates or stimulus payments and this is a big red flag that the contact is a scam.

The IRS reminds taxpayers that scammers may:

• Ask the taxpayer to sign over their economic impact payment check to them.
• Ask by phone, email, text or social media for verification of personal and/or banking information saying that the information is needed to receive or speed up their economic impact payment.
• Suggest that they can get a tax refund or economic impact payment faster by working on the taxpayer's behalf. This scam could be conducted by social media or even in person.
• Mail the taxpayer a bogus check, perhaps in an odd amount, then tell the taxpayer to call a number or verify information online in order to cash it.
• Emphasize the words "Stimulus Check" or "Stimulus Payment." The official term is “economic impact payment.”

Reporting Coronavirus-related or other phishing attempts

Those who receive unsolicited emails, text messages or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), should forward it to phishing@irs.gov.

Taxpayers are encouraged not to engage potential scammers online or on the phone. Learn more about reporting suspected scams by going to the Report Phishing and Online Scams page on IRS.gov.

Official IRS information about the COVID-19 pandemic and economic impact payments can be found on the Coronavirus Tax Relief page on IRS.gov. The page is updated quickly when new information is available.

We've all been on the receiving end of gift cards for the holidays. After all, they are a convenient present for when you're not sure what to get your friend or relative, but still need to get a gift for them.

Unfortunately, what should be something harmless can often be used by scammers as a way to defraud people out of their money. After all, a gift card is just like cash (i.e. any misuse is hard to trace) and, unlike credit cards, there usually aren't any resources customers can turn to when their gift card is stolen or used without authorization, so it is difficult to reverse a fraudulent transaction or get a refund.

Another common gift card scam occurs when someone poses as an attorney for a family member, claiming that family member is in legal trouble and needs help. The scammer will contact you via phone or email and ask you to purchase gift cards in specific amounts to pay them. Once you purchase these gift cards, the scammer will ask you to provide the card numbers and PINs so that the scammer can redeem the funds, leaving you out several hundred dollars.

Asking for gift cards to pay for legal issues and unexpected contact via phone or email are both big red flags that you might be the target of a scam. Remember: no business or government agency will ask you to make payments with gift cards. It's also a good rule of thumb to avoid making payments via phone or by wiring money, unless you can confirm the request is legitimate via other communications.

Also, be on the lookout for gift card scams when you're selling items. There is a common gift card scam that involves a person offering to purchase an item and sending you a check for more than the item's purchase price. They will then ask you to send back the difference in the form of a gift card. When you attempt to cash the check later, you will discover it is fake!

If you suspect you've been the victim of a gift card scam, you should report the situation to your local police department as well as notify the Federal Trade Commission (FTC), which tracks these scams. In addition, you should immediately report the scam to the merchant or company that issued your card and ask if they can refund your money. Most issuers have a toll-free telephone number to report lost or stolen cards, and you may get back the money left on the card or at least a portion of it (there is sometimes a fee for providing a refund). Be sure to keep the receipt and a record of the card number as you may need to provide this information when you report fraud.

Tips When Buying Gift Cards

Scammers asking for gift cards isn't the only way you can be defrauded. Here are some safety tips you should keep in mind when you're buying gift cards.

• Avoid buying gift cards from unfamiliar websites. You should only buy gift cards from sources you know and trust.
• If you are buying physical cards from a retailer, check before purchase. Sometimes criminals will scratch off the backs of the cards and steal the numbers and PIN.
• Read the fine print. Make sure you understand the terms and conditions. Check for an expiration date, fees to use the card, and fees for dormant cards.
• Register your card. This may help protect you in case the card is lost or stolen.

Wawa is notifying potentially impacted individuals about a data security incident that affected customer payment card information used at potentially all Wawa locations during a specific timeframe. Based on the investigation to date, the information is limited to payment card information, including debit and credit card numbers, expiration dates and cardholder names, but does not include PIN numbers or CVV2 numbers. The ATM cash machines in Wawa stores were not impacted by this incident. At this time, Wawa is not aware of any unauthorized use of any payment card information as a result of this incident.

Wawa’s information security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. After discovering this malware, Wawa immediately engaged a leading external forensics firm and notified law enforcement. Based on Wawa’s forensic investigation, Wawa now understands that this malware began running at different points in time after March 4, 2019. Wawa took immediate steps after discovering this malware and believes it no longer poses a risk to customers.

“At Wawa, the people who come through our doors are not just customers, they are our friends and neighbors, and nothing is more important than honoring and protecting their trust,” said Chris Gheysens, Wawa CEO. “Once we discovered this malware, we immediately took steps to contain it and launched a forensics investigation so that we could share meaningful information with our customers. I want to reassure anyone impacted they will not be responsible for fraudulent charges related to this incident. To all our friends and neighbors, I apologize deeply for this incident.”

Wawa is supporting its customers by offering identity protection and credit monitoring services at no charge to them. Information about how to enroll can be found on the Wawa website below. Wawa has also established resources to answer customers’ questions, including a dedicated call center that can be reached at 1-844-386-9559, Monday through Friday, between 9:00 am and 9:00 pm Eastern Time or Saturday and Sunday between 11:00 am and 8:00 pm, excluding holidays.

New Tripoli Bank is also ready to support our customers who may have concerns about their account security. You can download our mobile banking app and set up push notifications to alert you when there is activity on your New Tripoli Bank accounts, so you will be notified immediately if there are any suspicious or fraudulent transactions made on your account. Take the time to update your passwords. If you think one of your cards has been compromised, you can deactivate your card by using our mobile banking or online banking tools or by calling our toll-free number at 888-298-8821 (during business hours), 800-264-5578 (after business hours) or 701-461-2552 (international) and requesting a new card.

A detailed notice and open letter to customers from Wawa’s CEO notifying potentially affected individuals about the incident is available at www.wawa.com/alerts/data-security

Tips for Secure Online Shopping

The internet has revolutionized the way we shop. You can search for items from many different sellers from the comfort of your living room, easily compare pricing between vendors, and purchase products with the click of a mouse. While this has made shopping easier than ever, it leaves you vulnerable to attackers attempting to steal your personal and financial information. Criminals who get a hold of sensitive data can use it for their personal gain, making purchases with your account or selling the information to the highest bidder, while negatively affecting your financial security.

How do criminals target consumers?

There are four methods criminals commonly use to take advantage of online shoppers:

• Target vulnerable computers – Hackers will try to gain access to your computer and all the data contained therein. That's why it's important to take steps to protect your personal computers from viruses or malicious code. This also applies to vendors handling sensitive information; they must protect any customer data stored on their business devices.
• Intercept financial transactions – If transaction information isn't encrypted at the point of sale, criminals may be able to intercept the information as it is being transmitted.
• Sending phishing emails – Scammers don't need to infect your computer with a virus or malware in order to gain access to personal information. Attackers will often send emails that appear to be legitimate in order to convince you to supply them with information.
• Creating fraudulent websites – Hackers have become very good at creating phony websites that look like official webpages in order to trick people into entering in personal information.

How can you protect yourself?

Now that you know the tactics attackers will use to gain access to your information, it's important to keep these tips in mind when shopping online:

• Be skeptical of emails asking for your personal information – You should never assume the legitimacy of any email that asks you to provide account information. Most businesses do not solicit account information or ask for purchase confirmations via email. A good rule of thumb: never provide sensitive information through email. If an email asks you to click a link, you should instead visit the company's website directly.
• Only do business with reputable vendors – Any time you visit a shopping site, you should verify that you're working with a reputable vendor. Always review the site certificate information (paying special attention to the "issued to" information) and take note of phone numbers and physical addresses in case there is a problem with your purchase or your bill.
• Use a credit card – Credit cards usually offer greater fraud protection than debit cards. Also, because they are not tied directly to your bank account, you'll still have access to your money in the event that you need to deactivate your card.
• Make sure your information is encrypted – If a site is using a secure, encrypted connection, the URL will begin with "https" instead of "http" and your address bar will show a locked padlock icon like this 🔒. Some attackers will use a fake padlock icon on the website itself; you want to make sure the icon appears in your browser's address bar.
• Check your shopping app's settings – Be careful when using an app to shop. There is no legal limit on your liability for funds stored on a shopping app or gift card.
• Check your statements – Keep a record of any purchases you make online and compare them with your regular financial statements. Any discrepancies should immediately be reported to your financial institution.
• Read the vendor's privacy policy – You should always be aware of how your sensitive data is being used before you provide a seller with any personal or financial information.

One of the descriptors most commonly attributed to millennials is "tech-savvy." Coming of age in the late 90's and early 00's, during the Information Age and the rise of social media, we think of millennials as "plugged in" and exceptionally cognizant of how to navigate the internet. Consequently, one would assume millennials are skilled at avoiding the pitfalls of an increasingly connected world.

However, millennials are just as vulnerable to scams as previous generations. In fact, millennials are twice as likely as people 40 or older to report losing money while shopping online and 77% more likely to report losing money to an email scam. Even more worrying, Generation Y is 93% more likely than people age 40 or older to fall victim to fake check scams. According to the FTC, millennials reported losing nearly $450 million to fraud since 2017, with $71 million the result of online shopping scams alone.

The basics of these fraud schemes are familiar, but utilize new technology in ways that make them more difficult to recognize. Here are some schemes that scammers are using and how you can avoid becoming a victim:

Fake Employment Offers

Finding a job can be stressful and many millennials are willing to look past some red flags if it means landing a well-paying job. Here's how it works: the scammer will offer a position to their target, often with great pay, then send them a fake cashier's check to purchase equipment needed for the job. The best way to avoid these types of scams: if you're sent a large check from someone you don't know well, always check with the financial institution on any check you cash to make sure the check is real.

Device Activation Scams

Millennials are the generation of smart phones, iPads, and Alexa. Scammers know this, which is why one of the most common scams involves sending an email alerting the consumer of an activation fee for their new device. The scammer includes a fake customer support number or creates a fake website that looks like the actual product website, where the consumer is asked to provide credit card and device information to pay the activation fee. Not only does this give the scammer access to your device, it will also give them access to your identity.

The best way to avoid this: most devices don't require an activation fee! Device activation is usually handled at the point of sale, rather than in a follow-up email. If you're still unsure (or if you receive a suspicious email asking you to call a customer support number or visit a website to enter personal information in general), you should visit the manufacturer's website directly instead of clicking any links or calling numbers in suspicious emails.

Social Media Scams

It is true that millennials are much better at avoiding scams that involve phone and email. However, when the same scams are attempted through social media, 53% of consumers report having lost money to fraud. Because we share so much on social media, scammers are better able to find vulnerable consumers, such as those who are lonely or recently experienced a loss, or younger adults feeling financial pressure. Always be skeptical of offers made through social media, doubly so if you don't know the person contacting you.

Social media can actually help you avoid these scams; if you suspect a scam, search social media to see if others have encountered something similar. People often post warnings about scams after they've become victims. While the internet has provided scammers increased access to consumers, it has also given consumers access to knowledge to fight back against fraud.

In recognition of National Cybersecurity Month in October, New Tripoli Bank is reminding consumers of simple steps they can take to safeguard their sensitive data when making purchases online or via a smart device and what to do if they suspect their information has been compromised.

Educating customers about account security and cyber threats is something we all must be conscious about if we want to reduce the risk of sensitive information being exploited for criminal use. New Tripoli Bank takes great care in handling our customers’ sensitive information and we want to equip you with practical steps you can take to help strengthen our nation’s cybersecurity ecosystem and avoid falling prey to identity theft and fraud this holiday season.

There are steps consumers can take to reduce their chances of becoming a victim of identity theft or fraud. New Tripoli Bank encourages consumers to:

• Enable the strongest authentication tools offered by their bank. New Tripoli Bank asks that our customers set up security questions and provide nick names for their bank accounts to help protect their information when using our online banking tool. You can also set up the mobile banking app to quickly display account balances without having to log in and risk someone seeing your information.
• Use complex passwords and differentiate them across multiple platforms. For example, customers should use one password for their online bank account and another for their email account. Another strong security practice is to answer your security questions with fake answers that only you know, so someone with knowledge of your personal history can't use that information against you.
• Do a system check. Purge unused apps and outdated or sensitive information stored in old files and emails and ensure all software on internet-connected devices is current.

Consumers can also make sure their account has not been compromised by taking the following steps:

• Check bank statements regularly to ensure the purchases are legitimate.
• Read the fine print when purchasing items online. Often a website or application will ask for permission to save account information.
• Stay vigilant. Be mindful when shopping online and look for signs of illegitimate websites. Spelling or grammatical errors, missing contact information, and suspicious URLs or email addresses are all red flags.

If you are worried about the security of your account, you can de-activate access to your debit or ATM cards through our online banking tool or mobile banking app.

Learn more about how to protect your digital life during National Cybersecurity Awareness Month by visiting the Stay Safe Online website.