Public Service Announcement – New Phishing Scheme
The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.
As part of these attacks, the cybercriminals target users of digital payment applications with fake text messages pretending to be from legitimate financial institutions, asking customers to verify they have started an instant money transfer. The FBI Advisory states:
Cybercriminals are targeting victims with a sophisticated phishing and social engineering scam which results in victims unwittingly sending funds to the actors using digital payment apps. The actors take advantage of payment apps connected to bank accounts.
If the recipient responds to the automated text message, the criminals – “who typically speak English without a discernable accent,” according to the FBI – call the victim from a number that appears to match the legitimate 1-800 support number for the financial institution.
For more information about this and other security threats to your customers or your organization, visit the FBI’s Cyber Crime website:
Protect Your Online Security
Any form of communication where you are asked for any of the following details should be treated as highly suspicious, and should be reported immediately to Eastern Savings Bank.
Eastern Savings Bank Will NEVER Request:
- Your PIN number, password(s), or any electronic login credentials
- You to email OR text your account details
- A transfer of funds from your account to an allegedly “safe” account
- Your Bank account details by sending a website link
Learn how to further protect your information, your computer, and your online files by visiting: https://www.consumer.ftc.gov/topics/online-security
How secure is EasternEase Online?
Your internet transactions are encrypted to ensure a secure transmission of data. EasternEase Online brings together a combination of industry-approved security technologies to protect data transmitted to and from Eastern Savings Bank. It features password-controlled system entry and a Secure Sockets Layer (SSL) protocol for data encryption. This means your account information and transactions remain strictly confidential.
The Top 12 Mobile Banking Security Tips
Eastern Savings Bank is dedicated to providing the highest level of security. When using our mobile banking app, EasternEase Mobile, keep these tips in mind to ensure your experience is as secure as possible:
- Bookmark the Eastern Savings Bank website (easternsavingsbank.com) and only use this bookmark to access the site to avoid phishing. Similarly, add the Bank’s customer service phone number (800.787.7ESB) to your contacts for quick recall.
- Protect your personal information by ensuring your mobile device maintains a PIN, fingerprint authentication or strong password. When your device is not in use, enable automatic screen lock.
- Once your session is complete, log out of mobile banking before closing the app.
- Do not share personal and financial information via email, text or phone. Social Security number, birthdate, passwords and account numbers should be kept private and never stored on your mobile device. We will never ask you to provide confidential information via email or SMS messages.
- Delete security codes and message alerts you may receive via text from Eastern Savings Bank. If you change your mobile phone number, be sure to update your online banking profile to protect sensitive message alerts.
- Report a lost or stolen device. Contact Eastern Savings Bank immediately to update your information. You can also log in and remove the old device from your online banking profile.
- Use caution when downloading banking apps. Only install apps from reputable sources such as the App Store, Google™ Play or a direct link from Eastern Savings Bank’s website.
- Keep your mobile operating system up to date by installing the latest updates as prompted by your device to ensure maximum security. Consider anti-malware options for your mobile devices. Malware installed on a smartphone can use techniques such as key-logging or screen scraping to execute fraudulent transactions.
- Access mobile banking on a secure wireless network. Do not use public Wi-Fi hotspots. Unsecured networks can expose sensitive data, making it vulnerable to hackers.
- Do not root or jailbreak your device. This practice weakens device security.
- When depositing a check through our mobile banking app, wait until the funds are available and then destroy the check.
- Beware of SMS “Smishing.” Malicious persons could send spoofed texts with links that go to sites that download malicious software or provide fraudulent apps on smartphones. Never click on a link within a text message from an unknown number. Only open texts you initiated with Eastern Savings Bank.
Eastern Savings Bank suggests following these 12 steps to protect your mobile device:
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a Social Security number on your mobile device.
- Tell your financial institution immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re entering sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network. Consider using a Virtual Private Network (VPN) app to secure and encrypt your communications when connecting to a public Wi-Fi network. (See the Federal Trade Commission’s tips for selecting a VPN app.)
- Report any suspected fraud to your bank immediately.