October 24, 2019Fake Check Scams

The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise. Some fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake. These fakes come in many forms, from cashier’s checks and money orders to corporate and personal checks. Could you be a victim? Not if you know how to recognize and report them.

 

Fake Checks: Variations on a Scheme
Counterfeit or fake checks are being used in a growing number of fraudulent schemes, including foreign lottery scams, check overpayment scams, Internet auction scams, and secret shopper scams.

Check overpayment scams target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks.

Here’s how it happens:

A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.

In secret shopper scams, the consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.

Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.

You and Your Bank — Who is Responsible for What?

Under federal law, banks generally must make funds available to you from U.S. Treasury checks, most other governmental checks, and official bank checks (cashier’s checks, certified checks, and teller’s checks), a business day after you deposit the check. For other checks, banks must make the first $200 available the day after you deposit the check, and the remaining funds must be made available on the second business day after the deposit.

However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.

Protecting Yourself

Here’s how to avoid a counterfeit check scam:

  • Throw away any offer that asks you to pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.
  • Resist the urge to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.
  • Know who you’re dealing with, and never wire money to strangers.
  • If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don’t send the merchandise.
  • As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. There may be a charge for an escrow service. If the buyer insists on using a particular escrow or online payment service you’ve never heard of, check it out. Visit its website, and read its terms of agreement and privacy policy. Call the customer service line. If there isn’t one — or if you call and can’t get answers about the service’s reliability — don’t use the service.
  • If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.
  • If the buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.
  • Resist any pressure to “act now.” If the buyer’s offer is good now, it should be good after the check clears.
If You Think You’re a Victim
If you think you’ve been targeted by a counterfeit check scam, report it to the following agencies:

This article was previously available as Giving the Bounce to Counterfeit Check Scams.


December 11, 2019Holiday Scams and Malware Campaigns

Holiday Scams and Fraud Schemes

 Fraud schemes are hardly limited to the holidays, but they tend to spike during this high-spending and stressful time of the year. Protect yourself from fraudsters year-round by being aware of common methods of fraud, as well as the steps you can take to avoid becoming a victim. Be skeptical about calls, texts, and emails, and be on the lookout for red flags.
 
Seasonal Travel Scams
• Beware of deals that are too good to be true.
• Know who you are booking your travel through.
 
Holiday Charity Scams
• A legitimate charity will welcome donations whenever you choose to make it. Fraudsters will pressure you to make the donation immediately.
• Don’t make any donation with a gift card or wire transfer.
 
Brute Force schemes are attempts to crack a password or username, find a hidden web page, or find the key used to encrypt a message using a trial-and-error approach to guess correctly. This is an old attack method, but it's still effective and popular with hackers.
 
Skimming is performed by using electronic devices to secretly scan and store credit and debit card numbers and PINs. ATMs and some unattended terminals, such as gas stations, are targets for this practice. This information can then be sold to fraudsters or used to commit theft directly. Fraudsters can use the numbers to make online purchases or to create fake cards for in-store transactions.
 
Phishing is the practice of sending fraudulent emails pretending to be from reputable companies in order to encourage individuals to reveal personal information, such as passwords and credit card numbers.
 
SMiShing (SMS phishing) is the act of attempting to acquire personal information such as passwords and details by impersonating a trustworthy entity through SMS text messages on cell phones. SMiShing messages may come from telephone numbers that are in a strange or unexpected format with links directing to fake websites.
 
A typical SMiShing occurrence can begin with a text message inquiring about a suspicious transaction on an account. The fraudster is looking to obtain other information from cardholders such as debit/credit card numbers, CV2 codes, expiration dates, PINs and other web login credentials.
 
Remember, legitimate SMS text messages from RSI Bank will NEVER include:
 
• Requests for cardholder’s data, such as card numbers, PINs, CV2 Codes, or Expiration Dates
• Vague reference of a “merchant” transaction; details should be included
• Hyperlinks to unknown websites
• Phone numbers as hyperlinks
 
Criminals in possession of card details and other forms of personally identifiable information (PII) may be able to spoof financial institutions’ phone numbers to fool you into thinking text messages are from an institution’s fraud department.
 
Vishing is the telephone equivalent of phishing. It is the act of using the telephone to scam the user into surrendering private information that will be used for fraudulent purchases or identity theft.
 
Some ways to protect yourself:

  • Create complex passwords (use a combination of letters, numbers and symbols) and change passwords on a regular basis.
  • Resist any pressure to “act now”
  • If you are concerned about the legitimacy of a phone call, text message, or email from RSI Bank, call our customer service center directly at 732.388.1800 to confirm.
  • Monitor your accounts by setting up account notifications and alerts through Online Banking
  • Download the free CardValet to turn your debit card on and off, and to set restrictions on transactions by type, location, or amount.
  • Refer to the other Security Tips on our website RSI.bank/security.

 


Security

Not securing your own computer, or not updating it properly, can be a recipe for disaster.

We encourage you to implement several security tips when you use our Online Banking services:

  1. Always access your online banking account on the RSI.bank homepage. Never click on a link sent to you in an email.
  2. Never give out your personal information through an email or over the phone. RSI Bank will never request that information in this manner.
  3. Choose your User ID and password carefully – They should not be easy for others to guess (like your name or birthday, or your children's names and birthdays). Make sure to change your passwords on a regular basis.
  4. Use a combination of letters, numbers, and symbols when creating a password.
  5. Never reveal your password to anyone; never leave your password in a place where someone else can obtain and use it.
  6. Make sure you have a firewall in place when conducting your financial transactions.
  7. Log out completely - Do not simply close your browser or use the back button to exit the site. Use the Exit button to end each Online Banking session and then close your browser.
  8. Never leave an open session unattended. Your online banking session should be your only open internet window or tab.
  9. Change your session timeout in User Options to a time that meets your needs.
  10. Install an antivirus app on both your personal computer and your mobile device and keep it updated.
  11. Always keep your computer and/or smartphone up to date.
  12. Never access your Online Banking account from a public or shared computer.
  13. Avoid installing Android apps from third-party websites or unreliable sources.
  14. Read the permissions requested by every application before installing.
  15. Perform regular backups of data stores on your smartphone.
  16. Protect devices with passwords.
  17. Don't view or share personal information over a public Wi-Fi network.
  18. Balance your account and statements on a regular basis. Online Banking makes it easy!
 

RSI Bank strongly encourages our commercial customers to perform their own risk assessments and controls evaluations.

  • Make a list of the risks related to online transactions that your business faces including: passwords being written down and left out in the open; the use of old or inadequate passwords; the possibility of internal fraud or theft; delays in terminating the rights of former employees; the lack of dual control or other checks and balances over individual access to online transaction capabilities.

  • An evaluation of controls your business uses may include: Using password protected software to house passwords in; conducting employee background checks; initiating a policy and process to terminate access to former employees; segregating duties among two or more people so no one person has too much access or control; conducting internal or third party audits of controls; using firewalls to protect from outside intrusion or hackers.