Notification and Fraud Center
Current Scams...(May 2018) Secret Shopping and Fake Checks...find out more
Our fraud alert service allows you to identify potential fraudulent use of your debit card in a real-time manner. You can register your debit card(s) to set up alerts for any of 4 unique types of transactions:
· High dollar transactions
· Declined transactions
· Card not present transactions (online or telephone transactions)
· International transactions
The alerts can be sent to mobile phones, email addresses or both. MCT is pleased to offer this service as a free benefit of banking with us. Protect yourself and your money, enroll now in the new debit card transaction alert service. Available for both personal and business debit cards.
Cyberspace is a virtual community. Within it, you share gossip with your neighbors, go shopping, get news updates, research issues formerly conducted at a library, seek medical advice, and perform banking functions. About the only thing you can’t do online is get a haircut.
As such, it’s prone to the same activities as your physical community. You need to perform routine cleaning of your system files for increased performance. You need to exercise caution about who you communicate with. You must keep software patched and updated to protect against intrusion. And you absolutely must remain alert to potential threats.
Unlike your physical community, you can’t see the crooks trying to steal your wallet. And the stakes are even greater. Your very identity is at risk, along with your good name and all you’ve earned over your lifetime.
Online safety has two key components:
- EDUCATION: Understand the various threats lurking in cyberspace. Learn how to detect and avoid them. Information is your first line of defense against cybercrime. But all those terms can be confusing. This glossary explains the most common cyber security terms along with tips on recognizing them.
- AWARENESS: Most people today understand online safety. Yet they still risk becoming a victim. Why? Because our hectic lifestyle distracts us. Multi-tasking is a way of life. We’re trying to squeeze in just one more chore before moving on to a different project. We let our guard down for just an instant. And that’s all it takes. It’s just as important to know what to do if we become a victim as it is how to avoid becoming one. The quicker you respond, the less damage they can do. These resources will help you keep it to a minimum.
Your first line of defense is a strong password. Use a minimum of eight characters containing a combination of upper and lower case characters, both alpha and numeric. If special characters are allowed, use them to make it even harder to crack. Don’t use the same password on multiple sites. If one site gets hacked, all of your accounts are compromised.
Despite our best efforts, our personal information can still be compromised. Someone can hack into a vendor’s database and steal their customer’s name, address, Social Security number, credit card number, even medical data.
Don’t think you’re safe if you avoid banking or shopping online. Cyber crooks can download malware onto Point-of-Sale terminals and swipe credit card numbers as they did at the recent breach of Target stores and a host of other merchants.
One of the worst case examples out there involved a contractor who refused to use the Internet for fear of safety. He wrote checks to all of his suppliers. His check was among the many stolen from one of these suppliers. It contained his routing number, account number and account title. All of the information the thief needed to print checks in his own name without being noticed.
This contractor never setup his accounts online, so he never knew his business funds were being slowly drained from his account. When his next paper statement arrived 30 days later, he had a harder time recouping his loss because of the delay.
Contact Mauch Chunk Trust Company IMMEDIATELY if you suspect your account has been compromised so we can take immediate steps to prevent further theft.
- Equifax offers Credit Lock service - find out more
- FDIC Warns of Scams
- Check your accounts regularly. This means bank accounts and credit card accounts. Report any unrecognized transactions immediately for prompt action.
- Check your credit reports. Every American is entitled to one free credit report each year from each of the three major reporting bureaus. By spacing them out over the course of the year, you’ll notice anything amiss sooner. If you’re married, space out your spouse’s report in the mix and you can check a report for free every other month. Act Immediately and report any errors on your credit report to the bureau involved.
- Visit FTC OnGuard Online for a wealth of consumer tips and resources on staying safe online.
- The Federal Trade Commission (FTC) maintains up-to-date information on Identity Theft and recent scams - please visit their site regularly
- The FBI and Homeland Security US-CERT both post new scams frequently on their websites.
- Krebs on Security
- AARP Fraud Watch has many resources for AARP members. Call the AARP Fraud Watch Alert Helpline at 877-908-3360 to report or receive assistance
- Notify the bank immediately.
- Checking and savings accounts must be closed and new accounts, with new account numbers, must be opened.
- If your ATM or debit card was compromised, get a new card with a new account number and a new personal identification number (PIN).
PIN/PW creation tips: when creating a new PIN, do not use your birthdate or the last four digits of your social security number. Do not record your PIN on any article or on your ATM/debit card. Keep it in a safe and secured place.
- Add confidential passwords to every account, (including new accounts), name, and social security number that was exposed to the scammer.
- Close Internet Banking if the user name and password was compromised, or if the computer was remotely accessed by anyone.
- Place an alert on all open lines of credit, including home equity loans and credit cards.
- Credit Cards: report the fraud to the credit card issuers and get new credit cards with new account numbers. (Ask the issuer to process the card as “account closed at consumer’s request.” Follow-up in writing to protect yourself in case of a disputed transaction.
- Report the scam to the police. Some police departments may refuse to write a police report, but be persistent. Provide a copy of the police report to banks, credit card issuers, insurance company, and others that may request it.
- Change user names and passwords on all websites.
- Hang up or block all calls from scammers. Quite often, they will continue to call a victim for more money.
- Add your phone number(s) to the National Do Not Call Registry
- File a complaint with the Federal Trade Commission, (FTC), by completing an online complaint form OR If your computer has been hacked, call the FTC’s Identity Theft Hotline, 1-877-ID-THEFT (438-4338) to file a complaint.
- If a caller is rude, abusive, or if scammed money has already been sent, call the FTC 1-877-FTC-HELP.
- Place a fraud alert on your credit report by notifying 1 of the 3 credit reporting agencies. (They must share the information with the other 2 companies). The initial fraud alert is free, but will expire after 90 days. The alert can be renewed, but it is up to you to do so. The alert will make it more difficult for a scammer to open accounts in your name.
o TransUnion – 1-800-680-7289
o Experian – 1-888-397-3742
o Equifax – 1-888-766-0008
By placing a fraud alert, you can order one free copy of your credit report from each of the three reporting agencies. Make sure the agencies have your current contact information.
- Have a reputable computer repair shop clean up existing infestations on your computer. You may need to purchase or update AntiVirus protection software. Do not download free versions of this software, or you may be installing additional viruses to your computer.
- If your social security number has become associated with bad checks and credit, as a result of fraud or identity theft, contact your local office of the Social Security Administration to request that your SSN is changed. This is used in rare and the most extreme situations only.
- If your mail has been stolen or misdirected, notify the postal inspector in your area about suspected mail theft. Sign up for e-statements for your bank accounts at MCT.
- If you have a passport, notify the passport office to be on the alert for anyone ordering a new passport fraudulently.
BOTNET: A group of compromised computers infected with malicious software and controlled as a group without the owner's knowledge. Used to distribute spam or malware, or conduct DDoS attacks. If your computer runs sluggish or returns page errors when you visit an anti-virus site, you may have unknowingly become part of a botnet. If your IP address is detected as generating malware, you can be charged with a cybercrime whether or not you even knew about it. The best way to eliminate a botnet from an infected computer is to wipe the entire hard drive clean and perform a system restore. And hope that you have a good, clean backup dated prior to the compromise.
Distributed Denial of Service (DDoS): Form of electronic attack involving multiple computers, which send repeated HTTP requests or pings to a server to load it down and render it inaccessible for a period of time.
MADWARE: Mobile malware. Security experts rank mobile threats as the fastest rising cybercrime faced today. Your mobile device needs the same level security used to protect your PC. Always, ALWAYS, lock your phone with a password or code to prevent unauthorized access. Your favorite anti-virus software is available for download as an app for whatever type device you use.
MALWARE: Software designed to infiltrate or damage a computer system without the owner's knowledge or consent. It is a blend of the words "malicious" and "software." It includes computer viruses, worms, trojan horses, spyware, adware and other malicious and unwanted software. Keep your operating system and anti-virus software patched and updated to protect yourself against malware threats.
PHARMING: Or "domain spoofing" is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site; e.g. your bank. It is different from phishing in that the attacker does not have to rely on having the user click a link in an e-mail to deceive the user. Even if the user correctly enters a Web address into a browser's address bar, the attacker can still redirect the user to a malicious Web site.
PHISHING: Fraudulent e-mails, appearing to be from a trusted source such as your bank or credit card carrier, direct you to Web sites. Once there, you are asked to verify personal information such as name, account and credit card numbers, passwords and the like. These sites are often designed to look exactly like the site they are imitating. The information you provide is used to hijack your accounts and your identity. E-mails that warn you, with little or no notice, that your account will be shut down unless you reconfirm certain information, are very likely to be phishing. A newer tactic is to "confirm" personal credentials they supposedly have in their file, displaying false information. You call to correct the erroneous data and unwittingly provide them with the tools they need to steal your identity. NEVER follow a link or phone number provided in an email. Use a phone number or Web site address you know to be legitimate to check the source.
SCAREWARE: Software with malicious payloads sold to consumers. Victims are lured by fake ads warning of an infected computer, etc. Pop up ads trying to sell you anti-virus products are typically scareware.
SMISHING: Phishing attacks conducted via text messaging.
SPEAR PHISHING: Phishing attacks targeting targets specific entities holding whatever valuable information they seek. Typically, the crooks are looking for inside access to an organization's internal network. The target will receive an email appearing legitimate and click the link or open the attachment to unleash the malware. Some appear to contain confidential information the recipient believes was sent to them in error, and can’t resist the temptation to learn what’s inside. Others may alert you to account upgrades and ask login credentials to confirm continued access. Be aware of these tactics and avoid them, no matter how tempted you may be to respond. Take the time to confirm legitimacy before acting on them.
SPYWARE: Software that captures information from your computer such as browsing habits, usernames and passwords or credit card information. Current anti-virus software is your best prevention against spyware download.
TROJAN: Software programs that masquerade as regular games or utilities but harm your computer. Keep your anti-virus software and operating system patched and updated for your protection.
VIRUS: Small programs or scripts that harm your computer, causing it to cease functioning properly. This is old school – more of a threat in the early days of the Internet. Cybercrime has become quite sophisticated over the years. Once again, updated anti-virus software virtually eliminates this threat.
VISHING: Phishing attacks conducted over the telephone. The scammer will try to trick you into divulging personal information over the phone. Never provide your Social Security number, account numbers or passwords to anybody who contacts you unexpectedly. No matter what form of contact they may use. If you believe the call could be legitimate, contact the agency or company they claim to represent using a phone number that is known to you. Do not call a number they provide.
WORMS: Type of virus that replicates itself. Does not destroy files but can take up all available memory or had disk space by multiplying itself. It can cause your computer to run slowly or crash.
ZERO-DAY ATTACK: An attack or threat that exploits a security hole before or immediately after the vulnerability is known.