303-694-6464      
Charity and Disaster Scams

Charity and Disaster Scams

by | Aug 17, 2022 | Cyber Security News, News

Cyber criminals know that one of the best ways to rush people into making a mistake is by creating a heightened sense of urgency. And one of the easiest ways to create a sense of urgency is to take advantage of a crisis. This is why cyber criminals love it whenever there is a traumatic event with global impact.

What most of us regard as a tragedy, cyber criminals view as an opportunity, such as the breakout of a war, a major natural disaster such as a volcanic explosion, and of course infectious disease breakouts like COVID- 19.

When there is an immense amount of social media and news coverage about a certain event, cyber criminals know that is the time to strike.

They use this opportunity to create timely phishing emails or scams about the event, and then send that phishing email or launch the scam to millions of people around the world. For example, during a natural disaster, they may pretend to be a charity asking for donations to save children in need. Cyber criminals can often act within hours of a crisis or disaster, as they have all the technical infrastructure prepared and are ready ahead of time. How can we protect ourselves the next time there is a big crisis or disaster, and cyber criminals seek to exploit it?

How to Detect and Defend Against These Scams

The key to avoiding these scams is to be suspicious of anyone who reaches out to you. For example, do not trust an urgent email claiming to be from a charity that desperately needs donations, even if the email appears to be from a brand that you know and trust. Do not trust a phone call claiming to be a local food bank pressuring you to donate. The greater the sense of urgency, the more likely the request is an attack. Here are some of the most common indicators of a charity scam:

  • Be very suspicious of any charity that requires that you donate via cryptocurrency, Western Union, wiring money, or gift cards.
  • Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
  • Some cyber criminals will use names and logos that sound or look like a real charity. This is one reason it pays to do some research before giving.
  • Cyber criminals will often make lots of vague and sentimental claims about what they will do with your money but give no specifics about how your donation will be used.
  • Some cyber criminals may try to trick you into donating to them by thanking you for a donation you made in the past when, in reality, you never donated to them.
  • Do not assume pleas for help on crowdfunding sites such as GoFundMe or social media sites such as TikTok are legitimate, especially in the wake of a crisis or tragedy.
  • Do not give out personal or financial information in response to any unsolicited request.

How to Make a Difference Safely

To donate in times of need or to help those impacted by a disaster, donate only to well-known, trusted organizations. You initiate the connections and decide who to reach out to, such as what websites to visit or what organizations to call. When you consider giving to a charity, search its name plus words like “complaint,” “review,” “rating,” or “scam.” Not sure which charities to trust? Start by researching on government websites you trust, or perhaps links provided by a well-known and highly trusted news organization. Donating in times of need is a fantastic way to make a difference, just be sure you are giving to legitimate organizations.

Phishing Attackers Getting Trickier

Phishing Attackers Getting Trickier

by | Jul 6, 2022 | Cyber Security News, News

PHISHING ATTACKERS GETTING TRICKIER

Phishing attacks have become the most common method cyber attackers use to target people at work and at home. Phishing attacks have traditionally been emails sent by cyber attackers to trick you into doing something you should not do, such as opening an infected email attachment, clicking on a malicious link, or sharing your password.

While traditional phishing attacks continue today, many cyber attackers are creating advanced phishing emails that are more customized and harder to detect. They are also using technologies such as text messaging, social media, or even telephone calls to engage and fool you. Here are their latest tricks and how you can spot them.

Cyber Attackers Are Doing Their Research

Phishing emails used to be easier to detect because they were generic messages sent out to millions of random people. Cyber attackers had no idea who would fall victim; they just knew the more emails they sent, the more people they could trick. We could often detect these simpler attacks by looking for odd emails with “Dear Customer” in the beginning, misspellings, or messages that were too good to be true, such as Nigerian princes offering you millions of dollars

Today’s cyber attackers are far more sophisticated. They now research their intended victims to create a more customized attack. Instead of sending out a phishing email to five million people, or appearing to be generic emails sent by corporations, they may send it to just five people and tailor the attack to appear to be sent from someone we know. Cyber attackers do this by:

  • researching our LinkedIn profiles, what we post on social media, or by using information that is publicly available or found on the Dark Web.
  • crafting messages that appear to come from management, coworkers, or vendors you know and work with.
  • learning what your hobbies are and sending a message to you pretending to be someone who shares a mutual interest.
  • determining you have been to a recent conference or just returned from a trip and then crafting an email referencing your travels.

Cyber attackers are actively using other methods to send the same messages, such as texting you or even calling you directly by phone.

How to Detect These More Advanced Phishing Attacks

Because cyber attackers are taking their time and researching their intended victims, it can be more difficult to spot these attacks. The good news is you can still spot them if you know what you are looking for. Ask yourself the following questions before taking action on a suspicious message:

  1. Does the message create a heightened sense of urgency? Are you being pressured to bypass your organization’s security policies? Are you being rushed into making a mistake? The greater the pressure or sense of urgency, the more likely this is an attack.
  2. Does the email or message make sense? Would the CEO of your company urgently text you asking for help? Does your supervisor really need you to rush out and buy gift cards? Why would your bank or credit card company be asking for personal information they should already have about you? If the message seems odd or out of place, it may be an attack.
  3. Are you receiving a work-related email from a trusted coworker or perhaps your supervisor, but the email is using a personal email address such as @gmail.com?
  4. Did you receive an email or message from someone you know, but the wording, tone of voice or signature in the message is wrong and unusual?

If a message seems odd or suspicious, it may be an attack. If you want to confirm if an email or message is legitimate, one option is to call the individual or organization sending you the message with a trusted phone number.

You are by far the best defense. Use common sense.

STOP MALWARE

STOP MALWARE

by | Jun 10, 2022 | Cyber Security News, News

STOP MALWARE

Overview

You probably have heard of terms such as virus, Trojan, ransomware, or rootkit when people talk about cyber security. These are different types of malicious programs, called malware, that cyber criminals use to infect computers and devices. Once installed, they can do whatever they want. Learn what malware is, what danger it poses, and most importantly, what you can do to protect yourself from it.

What Is Malware?

Simply put, malware is software–a computer program–used to perform malicious actions. This term is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them. Once installed, malware can enable criminals to spy on your online activities, steal your passwords or files, or use your system to attack others. Malware can even take control of your own files, demanding that you pay a ransom to get them back. Many people believe that malware is a problem only for Windows computers. Unfortunately, malware can infect any device, from Mac computers and smartphones to DVRs and security cameras. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.

Protect Yourself – Stop Malware

You may think that all you have to do is install a security program like anti-virus software and you are safe from getting infected. Unfortunately, anti-virus cannot stop all malware. Cyber criminals are constantly developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways it has become an arms race, and the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, here are additional steps you should take to protect yourself:

  • Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins, and devices are always updated and current. The easiest way to ensure this is to enable automatic updating whenever possible.
  • A common way cyber criminals infect computers or mobile devices is by creating fake computer programs or mobile apps, posting them on the Internet, and then tricking you into downloading and installing one. Only download and install programs or apps from trusted online stores. Also, stay away from mobile apps that are brand new, have few positive reviews, are rarely updated, or have been downloaded by a small number of people. No longer using a computer program or mobile app? Delete it.
  • Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be suspicious, common sense is often your best defense.
  • Regularly back up your system and files to Cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them. Backups are critical. They are often the only way you can recover from a malware infection.

Ultimately, the best way to defend against malware is to keep all your software and devices up-to-date, install trusted anti- virus software when possible, and be alert for anyone attempting to trick you into infecting your own system. When all else fails, regular backups are often the only way you can recover.

The Community Bank

The Community Bank

by | May 20, 2022 | News

THE COMMUNITY BANK

THE COMMUNITY BANK

If you’re evaluating your current banking relationship, or you’re in the market for a new bank, you should strongly consider a community bank. While we have our own opinions here at First American State Bank, we have complied some research so we may provide an objective look at the world of community banking. Community banks may not be right for every situation, but chances are they’re the right choice for your personal or small business banking needs.

What Is a Community Bank?

Community banks are generally defined as those with less than $10 billion in assets. The FDIC also describes community banks as providing traditional banking services in local communities, obtaining deposits locally and providing many of their loans to local businesses.

The FDIC’s 2020 Community Banking Study said community banks play a critical role in providing access to credit in several key areas of the U.S. economy, particularly through lending to support commercial real estate, small businesses and agriculture.

Additionally, community banks tend to be more likely to be privately owned and locally controlled, unlike larger publicly traded banks owned by stockholders.

Community bank employee are generally considered “relationship bankers” who have close ties with their customers and special knowledge and expertise of their local communities. While not generally a rule, they may have less-structured underwriting guidelines for credit decisions than big banks may, making it possible for consumers and small businesses to get approved for credit that may not meet the predetermined characteristics of larger bank programs.

As of January of 2020, the U.S. had nearly 5,000 community banks with more than 29,000 branches throughout the country. Community banks represent 15% of the banking industry’s total loans but make 36% of all small business loans and 70% of all agricultural loans. If you’re a small business owner, a farmer or live in a small town, community banks may be a big part of the backbone of your local economy.

You can use the FDIC’s Community Bank Search tool to see if your bank meets the FDIC’s definition of “community bank.”

What Community Banks Offer

If you’re trying to decide where to do your banking, many community banks offer key benefits and perks that may be a deciding factor in selecting your banking institution.

  • Better Deposit Rates

Community banks may be willing to offer more favorable interest rates on financial products compared to a big national bank. Higher CD rates and savings accounts offerings can be found at what could be defined as community banks.

  • Flexibility

Community banks are focused on personal relationships in local communities and may have less-formalized processes, compared to corporate banks when considering credit requests. You may find that community banks offer a bit of extra flexibility in working with you, compared to a larger bank with stricter guidelines for lending.

  • Personal Attention

You’ll  find that a community bank is more customer-facing, offering more personal service than a big bank. The 2019 Small Business Credit Survey, a collaboration of the 12 Federal Reserve Banks, found that 79% of small business owners who applied for credit from a small bank were satisfied with the customer experience, compared to only 67% of applicants at large banksAt First American State Bank you’ll get a real person when you call, and chances are that whether on the phone or in person we will know who you are.

  • Community Investment

Community Banks are invested in their communities, employing those who live there and serving through credit needs for neighboring businesses and individuals and actively participating through charitable action and involvement.  Progress and achievement in the community represents success for the bank.

Community Banks vs. Big Banks

In recent years, the number of community banks has declined faster than larger banks. Between 2012 and 2019, the number of community banks decreased from 6,802 to 4,750, a decline of 2,052 banks (30%).  During those years, the number of larger non-community banks declined from 555 to 427, a decline of only 128 institutions.  Community banks aren’t disappearing altogether, but have been consolidated into larger entities. Good news – among the community banks that closed during this time frame, two thirds were acquired by other community banks.  We strongly believe there should always be a place for community banking.

It used to be that national banks had an advantage in the size of their distribution network, through locations or ATMs.  With recent tech advances, smaller institutions are improving offerings through fintech partnerships, resulting in greater depth of product and service offerings not previously available, those distinctions are becoming less apparent.  For all but the most complex needs and wealth management advisory services, community banks have available most services to satisfy typical business and consumer demands.

Bottom Line

Community banks are a vital part of the U.S. economy, providing loans and deposit accounts to millions of customers. Although they are known for their local presence and personal relationships, community banks are more than brick-and-mortar branches—many community banks are innovating and investing in new digital technology, but people ultimately make community banks successful.

If you’re looking to open any variety of bank accounts, loans for business or personal needs,  a new home base for your personal or small business finances, and services to grow with you moving forward, consider a community bank, First American State Bank.

TOP THREE SOCIAL MEDIA SCAMS

TOP THREE SOCIAL MEDIA SCAMS

by | Apr 4, 2022 | Cyber Security News, News

FROM: SANS Security Awareness

While social media is a fantastic way to communicate, share, and have fun with others, it is also a low-cost way for cyber criminals to trick and take advantage of millions of people. Don’t fall victim to the three most common scams on social media.

Investment Scams

Have you ever seen a post about an investment opportunity that promises a huge return on investment in an extremely quick amount of time with allegedly little to no risk? The reality is, these guarantees are really investment scams. Fraudsters simply steal your money after you pay them. These scams often include ads or success stories from past customers to promote the investments, but those are just fake testimonials to increase your trust. Often these investment scams are about investing in crypto-currencies or real estate, and payment is often made in crypto-currencies or other non-standard payment methods. If an investment seems too good to be true, it most likely is. Remember, there is no such thing as guaranteed, high-return investments. Only invest your money in trusted, well-known resources, not strangers you meet online pushing a get-rich-quick scheme.

Romance Scams

When criminals develop an online relationship with someone they’ve identified as lonely or vulnerable to trick them out of money, this is known as a romance scam. The criminal will use whatever tactics they can to build trust, including exchanging fake photos or sending gifts, then share a tragic story about needing money to pay for expenses such as hospital bills or for travel costs to visit the victim in person. To avoid actually meeting in person, these criminals may say they work in an industry that prevents them from doing so, such as construction, international medicine, or the military. They often request money as a wire transfer or gift cards to get cash quickly and remain anonymous. These types of scams are not only common on social media but with online dating apps. Be careful with people you meet online, take things slowly, and never send money to someone you have only communicated with online.

Additionally, if you believe someone you know may be vulnerable to such an attack or is in an online relationship that raises these flags, offer to help them. Sometimes it can be very difficult for someone engrossed in an emotional connection to see just how dangerous the situation has become.

Online Shopping Scams

Online shopping scams happen when you purchase items online at extremely low or unbelievable prices but never receive them. Tempting ads on social media will promote incredible prices and have links that take you to sites that appear to be legitimate and sell well-known brands, but these sites are often fake. Be wary of websites that have no contact information, broken contact forms, or use personal email addresses. Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.” Be very cautious of online promotions or deals that appear too good to be true. It’s far safer to purchase items that may cost slightly more, but from trusted sites that you or your friends have used before.

The good news is: You are your own best defense. You are in control. Just be on alert for scams like these and you will be able to make the most of social media safely and securely.

Learn To Spot “DeepFakes”

Learn To Spot “DeepFakes”

by | Mar 1, 2022 | Cyber Security News, News

LEARN TO SPOT DEEPFAKES

From: SANS Security Awareness

What Are Deepfakes?

The word “deepfake” is a combination of “deep learning” and “fake.” Deepfakes are falsified pictures, videos, or audio recordings. Sometimes the people in them are computer-generated, fake identities that look and sound like they could be real people. Sometimes the people are real, but their images and voices are manipulated into doing and saying things they didn’t do or say. For example, a deepfake video could be used to recreate a celebrity or politician saying something they never said. Using these very lifelike fakes, attackers can spin up an alternate reality where you can’t always trust your eyes and ears.

Some deepfakes have legitimate purposes, like movies bringing deceased actors back to life to recreate a famous character. But cyber attackers are starting to leverage the potential of deepfakes. They deploy them to fool your senses, so they can steal your money, harass people, manipulate voters or political views, or create fake news. In some cases, they have even created sham companies made up of deepfake employees. You must become even more careful of what you believe when reading news or social media in light of these attacks.

The FBI warns that in the future deepfakes will have “more severe and widespread impact due to the sophistication level of the synthetic media used.” Learn to spot the signs of a deepfake to protect yourself from these highly believable simulations. Each form of deepfake — still image, video, and audio — has its own set of flaws that can give it away.

Still Images

The deepfake you may see most often is the phony social media profile picture. The image below is an example of a deepfake from the website thispersondoesnotexist.com. Below the image are five different clues that this could be a deepfake. You will notice that these clues are not easy to spot and can be hard to identify:

OUCH_March_2022_still_image.png

  1. Background: The background is often blurry or crooked, and may have inconsistent lighting such as pronounced shadows pointing in different directions.
  2. Glasses: Look closely at the connection between the frames and the arms near the temple. Deepfakes often have mismatching connections with slightly different sizes or shapes.
  3. Eyes: Deepfake photos currently used for fake profile pictures appear to have their eyes in the same spot in the frame, resulting in what some call the “deepfake stare.”
  4. Jewelry: Earrings may be amorphous or strangely attached. Necklaces may be embedded into the skin.
  5. Collars and shoulders: Shoulders may be misshapen or unmatching. Collars may be different on each side.

Video

Researchers at the Massachusetts Institute of Technology, MIT, developed a question list to help you figure out if a video is real, noting that deepfakes often can’t “fully represent the natural physics” of a scene or lighting.

  1. Cheeks and forehead: Does the skin appear too smooth or too wrinkly? Is the age of the skin similar to the age of the hair and eyes?
  2. Eyes and eyebrows: Do shadows appear in places that you would expect?
  3. Glasses: Is there any glare? Too much glare? Does the angle of the glare change when the person moves?
  4. Facial hair: Does the facial hair look real? Deepfakes might add or remove a mustache, sideburns, or beard.
  5. Facial moles: Does the mole look real?
  6. Blinking: Does the person blink enough or too much?
  7. Lip size and color: Do the size and color match the rest of the person’s face?

Audio/Voice

Researchers say technologies like spectrograms can show when voice recordings are fake. But most of us do not have the luxury of a voice analyzer when an attacker calls. Listen for a monotone delivery, odd pitch or emotion, and lack of background noise. Voice fakes can be hard to detect. If you receive an odd call from a legitimate organization, you can verify if the call is real by first hanging up then calling the organization back. Be sure to use a trusted phone number, such as a phone number you already have in your contact list, a phone number printed on a bill or statement from the organization, or the phone number on the organization’s official website.

Conclusion

Be aware that attackers are actively using deepfakes. They can make fake accounts on social media to connect with or create fake videos to influence public opinion. Some are even selling their services on the dark web so other attackers can do the same. We don’t expect you to become a deepfake expert, but if you arm yourself with the basics of identifying the fakes, you’ll be far better at defending yourself. If you suspect you have detected a deepfake, report it to the website or source that is hosting the content.