Fraud Alerts

Stay up to date on the latest scams and fraud attempts. Don’t forget to contact your local branch if you feel your account might have been compromised.

Please be aware of 2 scams that we have recently been informed about by customers.

  1. A customer received a call from someone claiming to be from Microsoft to let the customer know that the Wi-Fi on their phones and computers had been hacked. The person proceeded to ask the customer for the last 4 digits of their debit card and that they would call Jeff Bank to help with the situation but once someone answers, the call with the bank is dropped. The person then asks the customer to transfer money from their savings account to their checking account and to use that money to purchase vouchers to send for payment.
  2. A customer received a call from someone pretending to be from Jeff Bank asking the customer to verify their account information so that they could receive a deposit from a prize they had won.

If you receive a call like either of these, please do not give any information and hang up immediately. If you are worried that your account information has been compromised, please contact your local branch directly or call our main office at (845) 482-4000.

In this scam, you are contacted by someone via email, phone, pop-ups, etc., claiming to be from:

  1. A tech support company, utility company, or a government affiliate like the IRS, or
  2. A “fraud department”

These scammers will ask you to wire money OR download an app / visit a website so that they can help you. Ignore these requests. They are scams.

Here are some important points to keep in mind:

  • A fraudster may tell you that they work for your bank or credit union’s “fraud department,” and you must wire funds to them. This is a fraud! Hang up the phone and call your financial institution directly or go to a branch in person.
  • Any communication from a software or anti-virus company (such as Microsoft) must be initiated by you. They will not call you and ask for money or gift cards or ask you to send money.
  • Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or provide technical support.
  • A legitimate company will never ask that you pay for support in the form of cryptocurrency, gift cards, or a wire transfer.
  • A fraudster, pretending to be someone who will “help” you, may ask you to download an app or visit a website that is used to remotely access your device (i.e. AnyDesk, TeamViewer, RemotePC, LogMeIn, GoToAssist, etc.). DO NOT allow anyone to remotely access your home computer or phone.

There has recently been an uptick in a new scam that is targeting many locals. Some have received phone calls / text messages from someone claiming to be from Amazon. The caller claims that there was potential fraud on the person’s account and that they will transfer the person to Amazon’s Security Department. The caller will request your online banking credentials and claim that a refund will be made to your account, but the money is actually being transferred from another one of your accounts. Then they claim that too much is refunded and request the excess be returned by purchasing gift cards and sending them the card number and PIN. Please be aware that this is a Gift Card Scam.

The Federal Trade Commission (FTC) has put together information about Gift Card Scams, what to look for, ways scammers may try to convince you to pay with gift cards, and what to do if you feel victim to one of these scams. To view this full article, please visit: https://www.consumer.ftc.gov/articles/gift-card-scams.

If you have any questions or concerns, please contact your local branch or our main office at (845) 482-4000.

Please be advised of a recent spoofing call that a customer recently received. The caller ID said Jeff Bank and the number was very close to one of our branch’s numbers. The caller claimed to be from Jeff Bank and knew the customer’s name, address, that the customer had a loan with the bank, as well as the amount owed. This call was a scam and was not made by any of our employees. Please use caution in the event that you receive a similar call and feel uncomfortable, please hang up and call your local branch or our main office at (845) 482-4000.

Excerpted from a Bulletin Released by The New York State Police

One of the most prevalent is known as the “Grandparent Scam”.  In this scenario an individual will contact an elderly person and present themselves as either a grand-child/niece/nephew, or a legal representative of same, and state they have been arrested for a serious crime.  During the conversation they will request the elderly person to obtain large sums of money from their bank for the purpose of settling fictitious legal claims or post a jail bond.  In previous instances the preferred method was via wire transfers, however, recent activity indicates these individuals are now directing people to withdraw cash.  After the cash is withdrawn the person is instructed to call the “relative” or “representative” back to make arrangements to have the money picked up in person.

This in-person method has made it difficult for law enforcement to investigate the incident after the fact.  However, at the same time it has presented an opportunity for law enforcement.  If certain warning signs can be identified by the financial institution, timely notification can be to law enforcement, that can assist in making an arrest.  These notifications are for the purpose of reporting a suspected crime, therefore, the financial institutions are able to do so without the concern of violating the customer’s right to privacy.

If an elderly customer requests to draw a large sum of cash from their account that is irregular, the following questions could be asked to ascertain if it is a result of fraudulent activity:

  • Has someone asked you to withdraw this money?
  • Do you know the person you are giving the money to?
  • Did the requestor contact you over the phone?
  • Did the person tell you to not alert anyone you are withdrawing the money?
  • Have you made any family members aware?
  • If you are giving this money to someone, how are you doing it?
  • Are you being asked to buy something with this money you will not use, like gift cards?
  • Are you sending this money to someone via a wire transfer?

In September of 2017, Equifax announced it experienced a data breach, which impacted the personal information of approximately 147 million people. A federal court is considering a proposed class action settlement submitted on July 22, 2019, that, if approved by the Court, would resolve lawsuits brought by consumers after the data breach. Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.

If you are a class member, you can use this website to claim the benefits described below.

Please note that none of these benefits will be distributed or available until the settlement is finally approved by the Court.

If you request or have requested a cash benefit, the amount you receive may be significantly reduced depending on how many valid claims are ultimately submitted by other class members. Based on the number of potentially valid claims that have been submitted to date, payments for time spent and alternative compensation of up to $125 likely will be substantially lowered and will be distributed on a proportional basis if the settlement becomes final. Depending on the number of additional valid claims filed, the amount you receive may be a small percentage of your initial claim.

To read the full article, click here.

July 30, 2019
by Seena Gressin, Attorney, Division of Consumer and Business Education

If you needed yet another nudge to start keeping an eye on your credit report to protect against identity theft, Capital One has delivered it with its announcement that a data breach has exposed the personal information of 106 million of its credit card customers and credit card applicants in the United States and Canada.

News of the Capital One breach comes just one week after the Federal Trade Commission announced that Equifax agreed to pay up to $700 million to settle a lawsuit brought by the FTC, the Consumer Financial Protection Bureau, and 50 states and territories, stemming from the credit reporting giant’s 2017 data breach, which affected about 147 million people.

In the Capital One breach, 100 million people in the United States and 6 million in Canada were affected. According to the bank, most of the stolen information came from the credit card applications of consumers and small businesses. The information includes names, dates of birth, addresses, phone numbers, and more, all from applications filed between 2005 and early 2019.

For credit card holders, the stolen information includes credit scores, credit limits, balances, payment history, contact information and some transaction data. The bank says the hacker also stole about 140,000 Social Security numbers, 80,000 linked bank account numbers of secured credit card holders, as well as the Social Insurance Numbers of about one million Canadians.

Capital One has posted information about the breach and says it will notify the people affected and offer them free credit monitoring and identity protection services. However, whether or not you were affected, there is no time like the present to check your free credit report and take other steps to protect against identity theft.

Check out these articles to read the basics about credit reports and credit monitoring. And one more thing: a data breach is a magnet for scammers. Be alert to emails and calls pretending to be from Capital One or the government. Neither the bank nor the government will send an email or call you to ask for credit card or account information or your Social Security number.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Recently we have become aware of a fake invoice email scam where people receive emails that appear to be from a known business with an attached invoice. The attached invoice is actually a malicious file.

What is email spoofing?
Email spoofing is when an email is sent with a forged sender address. A real email address is used but the message is actually sent from a malicious server or a server that has been hacked. Because the main email protocol does not have an authentication system in place, this method is common for phishing emails to use to deceive the recipient.

Sending fake or spoofed emails is called “phishing” because the sender is “fishing” for your personal information. The goal is to trick you into giving up your personal, financial, or account information.  Phishing emails may ask you to visit a fake or “spoof” website or call a fake customer service number. Scammers also use phishing emails to get access to your computer or network by tricking you into downloading a malicious file. They then install programs like ransomware that can lock you out of important files on your computer.

Advice on how to protect yourself from spoofed email scammers

  • Don’t reply to the email, click any links, or download any attachments.
  • Always telephone the person you are intending to send payment to.
    Confirm with them the amount and bank details prior to sending any monies. Do not ask them to verify any of this information by email because if you are being targeted you will be communicating with the fraudster!
  • Ensure you have paid anti-virus protection on all computers and if you have a server, the same applies. Although anti-virus won’t protect you from users responding to fraudsters payment requests, it will help protect you from viruses entering your system.
  • Regularly change all your passwords and keep this information confidential. Do not share your passwords with anyone. The more complex your passwords are, the better!
  • Think carefully before making an instant decision. Read every email cautiously and don’t rush to send a payment without double checking first. Remember to call the person directly prior to sending any sum of money.
  • Always check the sender of the email. In most cases the criminal will try to mirror the legitimate email address as best they can. Spotting signs of spelling errors is a tell-tale sign. Here are some examples:

If for instance you normally communicate with someone called james@xyz.com and the email you receive is from jamess@xyz.com it’s easy for you to skim past this without spotting that an extra “s” has been added onto the end of James.

Another example:

accounts@thedeliverycompany.com
accounts@the-deliverycompany.com

The simple addition of a hyphen can easily go unspotted!

Please be advised of a recent telephone spoofing scam. In the past week, customers have received phone calls appearing to be from Jeff Bank on their caller ID. When these calls were answered, it was an automated message claiming that the customer’s account was seized due to fraudulent purchases. In some instances, the call also requested account numbers and a four-digit PIN. These calls are a SCAM.

The best advice to beat the scam is simple – hang up the phone. Never assume that someone is who they purport to be just because the number displayed on your caller ID matches that of an organization you know. Always be suspicious if you’re asked for your account numbers, four-digit PIN, or full online banking passwords. Same goes for transferring or withdrawing money or giving your card to a courier. Remember, your bank will never ask you to do any of these things.

Please contact your local branch or the main office at (845) 482-4000 with any questions or concerns.

Please be advised of recent telephone spoofing scams. A customer received a call, which showed up on their caller ID as being from Jeff Bank. When the customer answered, the call was an automated recording pitching medic alert systems for older adults. This call is a scam. A unique type of technology now enables fraudsters to fake the number they are calling from by making a false number appear on your caller ID. It’s extremely effective, because the number displayed appears to be your bank’s correct contact number.

The best advice to beat the scam is simple – hang up the phone. Never assume that someone is who they purport to be just because the number displayed on your caller ID matches that of an organization you know. Always be suspicious if you’re asked for your four-digit PIN or full online banking passwords. Same goes for transferring or withdrawing money or giving your card to a courier. Remember, your bank will never ask you to do any of these things.

Please contact your local branch or the main office at (845) 482-4000 with any questions or concerns.

Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.

That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information. To read the full article, click here.

Millions of Americans have been impacted by the recent Equifax data breach. Whether or not your personal information has been stolen, there are steps you can take to protect yourself and your credit.

What is identity theft, and what can you do?
Sometimes criminals who steal data use it to engage in identity theft. It’s important to first understand what identity theft is. Identity theft occurs when someone uses your personal information, without your permission, and pretends to be you to commit fraud. Identity thieves may attempt to use your credit cards, open new accounts in your name, or attempt to access your accounts. It can be hard to notice that you were a victim of identity theft until you review your reports or statements and see charges you didn’t make, or are contacted by a debt collector about a debt that you don’t recognize. If you see anything out of the ordinary on your financial statements or credit reports, no matter how small, you should take action immediately.

To read the full article, click here.

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

To read the full article, click here.

What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

To read the full article, click here.

Is identity theft just a problem for people who submit information online?
You can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.

To read the full article, click here.