Beware of Malware: Think Before You Click!

M1B_VirusReprinted from FDIC Consumer News – Winter 2016

Malicious software — or “malware” for short — is a broad class of software built with malicious intent.  “You may have heard of malware being referred to as a ‘computer bug’ or ‘virus’ because most malware is designed to spread like a contagious illness, infecting other computers it comes into contact with,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section.  “And if you don’t protect your computer, it could become infected by malware that steals your personal financial information, spies on you by capturing your keystrokes, or even destroys data.”

Law enforcement agencies and security experts have seen an increase in a certain kind of malware known as “ransomware,” which restricts someone’s access to a computer or a smartphone — literally holding the device hostage — until a ransom is paid.  While businesses have been targeted more than consumers to date, many home computer users have been victims of ransomware.  For more information, see an alert issued by the U.S. Department of Homeland Security.

The most common way malware spreads is when someone clicks on an email attachment — anything from a document to a photo, video or audio file.  Criminals also might try to get you to download malware by including a link in the wording of an email or in a social media post that directs you somewhere else, often to an infected file or Web page on the Internet.  The link might be part of a story that sounds very provocative, such as one with a headline that says, “How to Get Rich” or “You Have to See This!”

Malware also can spread across a network of linked computers, be downloaded from an infected website, or be passed around on a contaminated portable storage device, such as a thumb drive or flash drive.

Here are reminders plus additional tips on how to generally keep malware off your computer.

Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails.  Think before you click!  Cybercriminals are good at creating fake emails that look legitimate but can install malware. Either ignore unsolicited requests to open attachments or files or independently verify that the supposed source did send the email to you (by using a published email address or telephone number). “Even if the attachment is from someone you know, consider if you really need to open the attachment, especially if the email looks suspicious,” added Benardo.

Install good anti-virus software that periodically runs to search for and remove malware.  Make sure to set the software to update automatically and scan for the latest malware.

Be diligent about using spam (junk mail) filters provided by your email provider.  These services help block mass emails that might contain malware from reaching your email inbox.

Don’t visit untrusted websites and don’t believe everything you read.  Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware. “Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable,” warned Amber Holmes, a financial crimes information specialist with the FDIC. “And please, don’t click on a link to learn more.  If something sounds too good to be true, then most likely it’s fraudulent or harmful.”

Be careful if anyone — even a well-intentioned friend or family member — gives you a disk or thumb drive to insert in your computer.  It could have hidden malware on it.  “Don’t access a disk or thumb drive without first scanning it with your security software,” said Holmes.  “If you are still unsure, don’t take a chance.”

To learn more about how to protect against malware, visit OnGuardOnline.



Going Mobile: How to be Safer When Using a Smartphone or Tablet

M1B_PhoneSecurityReprinted from FDIC Consumer News – Winter 2016

Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. “Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer.”

Here are some basic steps you can take to secure your mobile devices.

Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution’s website to confirm where to download its official app for mobile banking.

Keep your device’s operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. “Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play,” said Robert Brown, a senior ombudsman specialist at the FDIC.

Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.

Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the “time out” or “auto lock” feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet.

Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.

Have the ability to remotely remove data from your device if it is lost or stolen. A “remote wipe” protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.

To learn more about safely using smartphones and tablets, see the Federal Trade Commission’s Computer Security Web page.


Home Depot® Data Breach

As you may have heard, Home Depot is investigating the theft of credit and debit card data from its payment systems. We have been informed that there is potential risk for transactions completed at Home Depot stores between April 11 and September 7, 2014. This announcement is yet another example of why it’s always important to monitor your accounts.

Where can I learn more about the breach and Home Depot’s response?
Home Depot released a preliminary announcement that it is working with law enforcement to investigate the breach. Check the Home Depot media center for updates.

How can I find out if my card was affected?
At this time, there is no need for customers to call us. We will receive a list of potentially compromised cards and we will contact you.

Should I reset my PIN?
The investigation is open and has not yet confirmed if PIN information was compromised. However, it is good practice to reset your card’s PIN periodically.

Should I cancel my card?
There is no need to cancel your card. We will automatically reissue your card if it was affected.

What should I do if I see suspicious charges on my account?
Monitor your account(s) and review your monthly statements carefully. Notify us immediately if you see any unauthorized activity by calling 508.820.4000.

If my card has been compromised, will MutualOne Bank reissue my card?
Yes. If we find your card has been compromised, we will send you a new card with a new number.

Telephone Phishing Scam Alert

There is a telephone phishing scam underway in our area that we want our customers to be aware of. The victims of this scam receive a bogus text or telephone message that is supposedly from their bank, which is mentioned by name. The message claims that the customer’s debit card has been deactivated, and tells them to call a phone number provided in the message. When the customer calls that number, they are told to enter their debit card information and a replacement card will be issued.

Under no circumstances would MutualOne Bank contact you in this manner. If you receive such a message or experience any other suspicious or questionable activity regarding your account, please notify us immediately by calling us directly at (508) 820-4000.

Special Notice: Phishing Scam Related to Target Data Breach

Target is warning all customers about a phishing scam related to the November 27 to December 15 data breach at its stores.

Individuals may be contacted via email, phone or text by an individual claiming to be from Target. Messages ask recipients to share financial or otherwise identifying information. THESE ARE A SCAM!

In response, Target has set up a special section on its corporate website with all the official communications shared by the company surrounding the data breach. If you have received any email messages concerning the breach we urge you to visit the site and check the authenticity of any emails received against official messages from the company.

These scams may ask the recipient to verify certain information or may even claim to offer protection against a potential security issue. Please do not provide this type of information or click on any links associated with this or any other unsolicited messages.

Remember, no legitimate business will ever contact you directly and ask for your personal or private information. Please do not share your personal or private information with another party unless you initiate the communication.

If you have any questions please call us directly at 508.820.400 or visit any of our offices during normal banking hours.

Special Notice regarding data breach at Target® stores

If you made credit or debit card purchases in person at a Target store between November 27 and December 15, you may have been affected by a recently revealed data breach. Information that may have been compromised includes customer name, credit or debit card number, the expiration date, and the three or four-digit security code on cards.

We have contacted those MutualOne customers that we believe may have been subject to the breach, and are issuing new cards. If you believe your card may have been compromised and you have not heard from MutualOne, please call us at 508.820.4000, or visit any of our offices during normal banking hours.

Online purchases were reportedly not involved.

An alert on the Target website describes in detail what steps you should take to detect or avoid fraudulent use of your credit or debit card information. We urge you to review the information you will find there.

Other steps you can take include regularly reviewing activity on your account and reporting anything suspicious to your financial institution or card issuer.

Robocall Scam Alert

Several customers have made reports of an automated telephone scam attempting to obtain personal information about debit card accounts. The call claims your debit card has been compromised or is on hold. It asks that you press 1, and then input personal information including the card number and its PIN number. These are not legitimate calls and should be ignored. These calls are coming from a variety of area codes in the U.S.

Awareness is essential to help combat fraud. Should you receive any questionable calls or emails, do not provide your personal information including your account numbers, PIN numbers or social security number.

MutualOne Bank will NEVER initiate a call or email to you requesting your personal information. Do not call back a number provided over the phone or click on a link in an email. To verify whether a call or email is legitimate, call MutualOne Bank at 508.820.4000.

Most fraudulent communications will include an urgent claim about something that will concern or excite the victim. If you have been the victim of a scam, file a complaint with local law enforcement and notify us at 508.820.4000.

Questions and Answers about the incident:
Q – Have any cards been compromised?
A – None that we are aware of. It’s important to remember to never give out your card number and PIN.

Q – What happens if I have already given my card number and/or PIN to the scammers?
A – Please let us know and we will cancel your card and reissue you a new one.

Q – Is there any risk to cards of customers that do not respond to fraudulent texts or calls?
A – No. This is not a card information breach. It is a fishing expedition to attempt to have customers volunteer information about their personal cards.

Q – Does MutualOne Bank ever make calls to customers about debit cards?
A – Yes. In the event of suspicious card activity, our fraud protection partner may call. The caller never asks the customer to provide card number or PIN information.

Q – Does MutualOne Bank issue legitimate text messages to customers?
A – Yes. Customers have the option to register for text alerts that are associated with our online and mobile banking applications. These text alerts do not ask customers to volunteer information about their accounts or cards. To learn more about text alerts, click here.

Q – What should customers do if they have ongoing concerns about debit card activity or security?
A – Call MutualOne Bank’s Client Services at 508.820.4000. To directly cancel a card over concerns about loss, theft, or fraudulent activity, customers may additionally dial our Card Support Services at 800.264.5578.

Resources to protect consumers

Screen shot 2013-03-07 at 11.37.37 AM

While National Consumer Protection Week, will end on Saturday, the information shared through the website remains a valuable resources for consumers looking to protect their rights and make better-informed decisions about their finances.

Visitors to the site will find a wealth of information on everything from preventing identity theft, and protecting your home and business, to buying products & services, and investing your money.

For more information visit the National Consumer Protection Week website at

VIDEO: What is Identity Theft?

The Federal Trade Commission has created this informative video for consumers with 5 easy ways you can protect yourself from becoming a victim.

If you believe you have been a victim of identity theft, please visit your local branch, or contact Client Services at (508) 820-4000.

Please note by clicking on the link to YouTube, you are leaving the MutualOne Bank web site to enter a web site created, operated and maintained by a private business or organization. MutualOne Bank provides this link as a service to our web site visitors. We are not responsible for the content, views, or privacy policies of this site. We take no responsibility for any products or services offered by this site, nor do we endorse or sponsor the information it contains.