If you receive an unexpected call, email, or text that claims to be from Cape & Coast Bank and requests a password, login, security or verification code, please do not share this information.  Please contact our Customer Assistance Center, located at Hyannis, at 508-568-3400 with any questions.

As the holiday season kicks into high gear, unfortunately so do scams.

This time of the year we see an increase in debit/credit card fraud and social engineering scams. Social engineering is the use of deception to manipulate individuals into sending money, or divulging personal information that may be used for fraud.

• Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
• Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.
• If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.
• Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious.

Popular Scams

Scammers are usually after your money or personal information. They trick unsuspecting individuals into sending money or divulging personal information by creating situations that feel very urgent and realistic.

Imposter Scams

A scammer pretends to be someone you trust — a government agency like the Social Security Administration or the IRS, a family member, a love interest, or someone claiming there’s a problem with your computer. The scammer can even have a fake name or number show up on your caller ID to convince you.

Scammers use caller ID spoofing
Scammers can make any name or number show up on your caller ID. That’s called spoofing. So even if it looks like it’s a government agency like the Social Security Administration calling, or like the call is from a local number, it could be a scammer calling from anywhere in the world.

Scammers make unsolicited calls
Phone scams come in many forms, but they tend to make similar promises and threats, or ask you to pay certain ways. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or phishing emails.

Callers try to scare their victims
Many phone scams use threats to intimidate and bully a victim into paying. They may even threaten to arrest, deport or revoke a license if the victim doesn’t immediately pay a debt, fine, or fee.

Online Shopping Scams

Online shopping scams happen when you purchase items online at extremely low or unbelievable prices but never receive them. Tempting ads on social media will promote incredible prices and have links that take you to sites that appear to be legitimate and sell well-known brands, but these sites are often fake. Be wary of websites that have no contact information, broken contact forms, or use personal email addresses. Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.” Be very cautious of online promotions or deals that appear too good to be true. It’s far safer to purchase items that may cost slightly more, but from trusted sites that you or your friends have used before.

Money Mule Scams

A Money Mule scam is a type of scam in which criminals use their victims to move stolen funds. Money mule scams can take many forms, and commonly involve online dating, work-at-home jobs or prizes. In a typical scam, the fraudster sends the victim money to deposit into a bank account and then asks them to send some of it to someone else, usually through a gift card or a wire transfer. When the initial check is later found to be fake, victims are on the hook for the full amount.

You can avoid money mule scams by never using your own bank account or opening a new account in your name to transfer money for an employer; never pay to collect a prize or move any money out of your “winnings”; and never send money to an online love interest. If a money mule scam is suspected, you should break off contact with the scammer, inform your bank and report the incident to the FTC.

How do you avoid being a victim?

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not reveal personal information (account numbers, social security numbers, etc.) on a phone call unless you have initiated the phone call.
• Don’t send sensitive information over the internet before checking a website’s security. (See Protecting Your Privacy for more information.)
• Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with “https”—an indication that sites are secure—rather than “http.”
  Look for a closed padlock icon—a sign your information will be encrypted.
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls for Home and Small Office Use, Protecting Against Malicious Code, and Reducing Spam for more information.)
• Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

• If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
• If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
• Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
• Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
• Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

From old fashioned tricks such as check fraud to techniques employed by sophisticated computer hackers, financial scams are on the rise. Being forewarned is to be forearmed with information that can help you steer clear of some of the more popular scams designed to steal your money, or your identity.

Here are some of the more prevalent scams you’re likely to encounter, followed by a series of tips on how to protect yourself from falling prey.

Tech Support Scams: Fraudsters pose as representatives from reputable tech companies, claiming a victim’s personal computer or phone has been compromised. Victims are then persuaded to transfer funds to supposedly “secure” accounts. Most often senior citizens fall prey to tech support scams.

Phishing Scams: Emails or texts are used to trick victims into providing personal information, perhaps to remedy a supposed account problem with a subscription, credit card, or other account. These messages often appear to come from trusted companies and organizations.

Political Season Scams: The 2024 election year cycle is in full swing with text message solicitations for candidate contributions. Beware of legitimate looking messages which ask for a credit card number, and in some cases your bank account and routing number. If you intend to make a contribution to a candidate, or any organization, visit their website through a secure server.

Government Imposter Scams: Scammers pose as government officials, often from the IRS, claiming the victim owes money or has an unclaimed refund. Confirm any such claims by reaching out directly to the IRS.

Weather Emergency Scams: Weather scams can strike either before or after a storm. In some cases fake insurers offer an extended coverage policy for potential damage, or if your region does sustain damage, imposter contractors solicit money up front for promised repairs that never take place.

Service Shut-Off Scams: Imposters play the role of a cable service, wireless carrier, electric company or gas utility representative and threaten service will be shut off unless funds are forthcoming.

Check-Cashing Scams: A scammer asks someone to cash a check for them, which later bounces, leaving the victim liable.

Overpayment Scams:  Small businesses often fall prey to this trick. Counterfeit checks for more than the owed amount are received followed by a request for the difference to be wired back.

Unsolicited Check Fraud: Victims receive unexpected checks that, when cashed, bind them to unwanted services or memberships.

Automatic Withdrawal Scams: Scammers use fake offers to obtain bank information and set up unauthorized withdrawals. Another popular technique is employed by con artists who will offer assistance at a public ATM, only to exchange your bank card with a phony card using sleight of hand.

How to Protect Yourself:

• Verify the legitimacy of texts, emails or phone calls by placing a call directly to the bank, organization or agency.
• Be cautious of sharing personal information at all times.
• Never cash checks for strangers.
• Verify the authenticity of received checks.
• Promptly report suspected scams to authorities and financial institutions.

While financial fraud and scams can be a costly inconvenience, identity theft can take months to remedy, potentially placing every aspect of your personal records in jeopardy. Your social security number should be protected at all times. Criminals gain access to your social security number by various methods such as dumpster diving, skimming, phishing, changing addresses, and stealing mail. Protect yourself by:

• Shredding sensitive documents.
• Never share personal information over unsolicited calls.
• Black out your social security number on any copied documents where it is not essential information.
• Reviewing financial statements promptly.
• Checking credit reports annually for inaccuracies.
• Using secure websites for online transactions. Secure websites begin with what is called a URL prefix ending in “s” – For example: https://www.Website. Make sure the “s” is present.
• Request that the USPS place a hold on your delivered mail if away on vacation.

Overall, being aware of common scams and practicing caution can help protect personal and financial information from being compromised.

The security of personal and account information is extremely important to Cape & Coast Bank. As a true community bank, it is our responsibility to keep you, the customer, informed of current fraud trends and to educate you on how to best protect yourself. By taking a proactive approach, we can help ensure that your private information is protected.

For more information, please visit Cape & Coast Bank website.

Fraudsters are rapidly turning to “snail mail” for their latest scams. Since the pandemic, check fraud has increased nationwide by 385%, according to the U.S. Treasury Department.

Check fraud schemes commonly target the U.S. mail to steal checks, alter or wash them to change the payee and dollar amount, and ultimately steal money from victims’ accounts, according to the American Bankers Association.

To combat check washing and protect your mail and checks, you can take the following actions:

• Get your mail promptly after delivery. Don’t leave it in your mailbox overnight.
• If you’re heading out of town, ask the post office to hold your mail until you return.
• Sign up for informed delivery at USPS.com. It sends you daily email notifications of incoming mail and packages.
• Contact the sender if you don’t receive mail that you’re expecting.
• Consider buying security envelopes to conceal the contents of your mail.
• Use the letter slots inside your Post Office to send mail.

To protect your checks, bank customers can:

• Use pens with indelible black ink so it is more difficult for a criminal to wash your checks.
• Don’t leave blank spaces in the payee or amount lines.
• Don’t write personal details, such as your Social Security number, credit card information, driver’s license number or phone number on checks.
• Use mobile or online banking to access copies of your checks and ensure they are not altered. While logged in, review your bank activity and statements for errors.
• If your bank provides an image of a paid check, review the back of the check to ensure the indorsement information is correct and matches the intended payee, since criminals will sometimes deposit your check unaltered.
• Consider using e-check, ACH automatic payments and other electronic and/or mobile payments.
• Follow up with payees to make sure that they received your check.

If you suspect you’ve been a victim of check fraud, you should file a report immediately with:

• Your bank and request copies of all fraudulent checks.
• Local police department.
• U.S. Postal Inspection Service at https://www.uspis.gov/report or call 1-877-876-2455.

Since 2004, October has been declared Cybersecurity Awareness Month in the United States.  While the designation serves as an annual reminder for consumers and businesses to assess vulnerabilities and risks for cyberattacks and breaches, we must be vigilant every minute, hour, day and month throughout the year.

Cybercriminals are on the prowl constantly from around the globe, enticing consumers and businesses with online ads, offers and emotional appeals often “too good to be true.” These malicious tactics are designed to capture password information, financial and bank account data, credit card numbers and other sensitive personal information to facilitate identity theft quickly and easily.

Through the years, cybercriminals have become increasingly sophisticated, rendering even the most experienced and savvy technology users vulnerable, underscoring the necessity of identifying security weaknesses and staying abreast of the latest scams.

Current scams that are commonplace include vishing, which is a fraudulent practice of making phone calls or leaving voicemail messages from a supposedly reputable source to lure individuals into revealing personal information. Phony calls regarding expiring car warranties are a ubiquitous example of vishing.

Of course, phishing, whereby the fraudulent requests of personal information are made thorough email and text messages – notices about compromised PayPal or Amazon accounts are common – remain a serious cybersecurity threat.

According to the Federal Trade Commission, Americans lost $5.8 billion to phishing and other fraud in 2021, a 70% increase from 2020. Astounding.

At The Cooperative Bank of Cape Cod, we are committed to ensuring that customer private information is safe and secure. To help protect the private information of our consumer and business clients, we recommend: creating strong passwords; reviewing bank accounts often; using caution when surfing the internet; using up-to-date operating systems and software that are supported by the manufacturer; installing manufacturer recommended updates to computers and mobile devices; installing and maintain firewalls and real-time antivirus/anti spyware software; securing computers and mobile devices when not in use; and learning to spot the signs of potentially fraudulent attacks.

The American Bankers Association (ABA) earlier this month revamped its #BanksNeverAskThat campaign and website. The program offers a treasure trove of information and hints to learn how to spot fraudulent texts, emails and phone calls by knowing the questions and requests a bank would never ask.  I highly recommend a visit to www.BanksNeverAskThat.com – a few minutes on the site could save you a lot of money and misery.

Remember, preparation and knowledge are the best way to protect sensitive information to prevent an individual or business from becoming the victim of a cybercriminal.

Paul Forni is Information Security and Red Flag Officer for The Cooperative Bank of Cape Cod.

Mailbox fishing scams have increased across the Northeast, and unfortunately they’ve made their way to Cape Cod. The scam generally takes place at USPS drop boxes, the blue mailboxes with the pull-down drop door.

The pull-down door on the USPS mailboxes makes it far too easy for criminals to fish out your mail. There are several ways a criminal can attempt to steal mail. One commonly used method is attaching a piece of string to a rodent trap or bottle with glue covering it. After obtaining the stolen mail, a criminal will sift through it and look for checks, cash, and gift cards. According to an article by NBC news, if a criminal finds a check, they will often use household cleaning products to wash the ink off. Then, the criminal can write a new name on the check and change the value to whatever they want.

Many USPS locations are upgrading the blue drop boxes to replace the pull-down door with a narrow slot to minimize the risk of mailbox fishing. In the meantime, USPS has listed several tips to help protect yourself from falling victim to mail fishing scams:

1. Deposit mail close to pick-up time
2. Take your mail inside the post office
3. Inquire about overdue mail
4. Do not send cash
5. Arrange for prompt pickup
6. Use hold for pickup
7. Request signature confirmation

Remember, instead of mailing checks, you can pay your bills securely through your online bank account, too.

Every day, thousands of people fall victim to fraudulent emails, texts and calls from scammers pretending to be their bank. The Federal Trade Commission’s 2019 report on fraud estimates that American consumers lost a staggering $1.48 billion to phishing scams in 2018. The problem has only grown worse during the COVID-19 pandemic, given the increased use of online and digital banking tools.

To mark the beginning of National Cybersecurity Awareness Month, The American Bankers Association, joined by banks of all sizes across the nation, today launched a first-of-its-kind, industry-wide campaign to educate consumers about the persistent threat of phishing scams. “With the help of banks from across the nation, we’re turning the tables on the bad guys by empowering consumers with the tools they need to spot bogus bank communications” said Rob Nichols, ABA president and CEO. The #BanksNeverAskThat campaign reinforces the notion that banks do not text, call or email customers asking for sensitive information like their passwords and PIN.

National Cybersecurity Awareness Month is a collaborative effort between government and industry that raises nationwide awareness of cyber crimes and prevention every October. Because it coincides with the launch of #BanksNeverAskThat, ABA is celebrating with a cybersecurity-month sweepstakes. Every week during the month of October, site visitors can test their scam savviness by taking the #BanksNeverAskThat quiz, then sharing it on Twitter for the chance to win one of 15 gift cards. All entrants in ABA’s sweepstakes will also be eligible to win the $1,000 grand prize at the end of the month.

What is Phishing?

Phishing is a type of online scam where criminals make fraudulent emails, phone calls, and texts that appear to come from legitimate businesses, even your bank. Every year, people lose hundreds, even thousands of dollars to these scams. The communication is designed to trick you into entering confidential information (like account numbers, passwords, PINs, or birthdays) into a fake website by clicking on a link, or to tell it to someone imitating banks and businesses on the phone.

What to do if you receive a scam email, call, or text

Email or Text

If you suspect that an email or text you receive is a phishing attempt:

• Take a deep breath. In most cases, it’s perfectly safe to open a scam email or text. Modern mail apps, like Gmail, detect and block any code or malware from running when you open an email. The key is not to click links, or download any attachments.
• Do not download any attachments in the message. Attachments may contain malware such as viruses, worms or spyware.
• Do not click links that appear in the message. Links in phishing messages direct you to fraudulent websites.
• Do not reply to the sender. Ignore any requests from the sender and do not call any phone numbers provided in the message.
• Report it. Help fight scammers by reporting them. Forward suspected phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726). Then, report the phishing attack to the FTC at ftc.gov/complaint.

Call

If you receive a phone call that seems to be a phishing attempt:

• Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
• Do not respond to the caller’s requests. Financial institutions and legitimate companies will never call you to request your personal information. Never give personal information to the incoming caller.
• If you feel you’ve been the victim of a scam and provided personal or financial information, contact your bank immediately at their publicly listed customer service number. Often, this is found on the back of your bank card. Be sure to include any relevant details, such as whether the suspicious email, call, or text attempted to impersonate your bank and whether any personal or financial information was provided to the spammer.

What to do if you fall for a scam email, call, or text

1. Contact your bank, financial institutions, and creditors
   • Speak with the fraud department and explain that someone has stolen your identity.
   • Request to close or freeze any accounts that may have been tampered with or fraudulently established.
   • Make sure to change your online login credentials, passwords and PINs.
2. Secure your email and other communication accounts
   • Many people reuse passwords and your email or cell phone account may be compromised as well.
   • Immediately change your accounts’ passwords and implement multi-factor authentication— a setting that prevents cybercriminals from accessing your accounts, even if they know your password — if you haven’t already done so.
3. Check your credit reports and place a fraud alert on them
   • Get a free copy of your credit report from annualcreditreport.com or call 877.322.8228.
   • Review your credit report to make sure unauthorized accounts have not been opened in your name.
   • Report any fraudulent accounts to the appropriate financial institutions.
   • Place a fraud alert on your credit by contacting one of the three credit bureaus. That company must tell the other two.
     – Experian: 888.397.3742 or experian.com
     – TransUnion: 800.680.7289 or transunion.com
     – Equifax: 888.766.0008 or equifax.com
4. Contact ChexSystems at 888.478.6536 to place a security alert on the compromised checking and savings accounts when a deposit account has been impacted.
5. Contact the Federal Trade Commission to report an ID theft incident: visit ftc.gov/idtheft or call 877.438.4338.
6. File a report with your local law enforcement
   • Get a copy of the report to submit to your creditors and others that may require proof of the crime.

For more tips on ways to protect yourself from fraud, visit our resources: https://staging.thecooperativebankofcapecod.com/resources/your-security/

A scammer pretends to be someone you trust — a government agency like the Social Security Administration or the IRS, a family member, a love interest, or someone claiming there’s a problem with your computer. The scammer can even have a fake name or number show up on your caller ID to convince you.

Below are tips to guard against scam phone calls from thieves intent on stealing a victim’s money or identity.  Here are several tips to help guard against being a victim of imposter phone scams:

Scammers use caller ID spoofing
Scammers can make any name or number show up on your caller ID. That’s called spoofing. So even if it looks like it’s a government agency like the Social Security Administration calling, or like the call is from a local number, it could be a scammer calling from anywhere in the world.

Scammers make unsolicited calls
Phone scams come in many forms, but they tend to make similar promises and threats, or ask you to pay certain ways. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or phishing emails.

Callers try to scare their victims
Many phone scams use threats to intimidate and bully a victim into paying. They may even threaten to arrest, deport or revoke a license if the victim doesn’t immediately pay a debt, fine, or fee.

For more tips on ways to protect yourself from fraud, visit our resources: https://staging.thecooperativebankofcapecod.com/resources/your-security/

Now, more than ever, incidents of fraud are happening daily, and scammers are coming up with new schemes to prey upon the others for financial gain. Currently, there is fraud specifically targeting unemployment assistance due to the COVID-19 health crisis.

There have been many reports of Massachusetts residents receiving letters in the mail from The Department of Unemployment Assistance (DUA) confirming a claim for unemployment benefits. The problem is, they’re currently working and never filed to receive those benefits. This fraud is part of a national unemployment fraud scheme, where illegitimate unemployment benefit claims are being submitted using stolen social security numbers and other personal information from past national data breaches.

If you believe someone has applied for unemployment benefits using your personal information, report the suspected fraud immediately by filling out The Department of Unemployment Assistance’s secure fraud reporting form to alert them or call the DUA customer service department at (877) 626-6800.

Steps you can take to protect yourself:

• File a police report with your local police department. Get a copy of the report that you can provide to creditors and credit agencies.
• Change passwords on your email, banking, and other personal accounts.
• Make a list of credit card companies, banks, and other financial institutions where you do business. Tell them you are a victim of identity theft, and ask them to put a fraud alert on your account.
• Get a copy of your credit report and dispute any fraudulent transactions. Did you know The Coop offers free credit monitoring? Learn more here.
• Place a credit freeze with each of the 3 major credit reporting agencies. Call each of the credit reporting agencies at these phone numbers or visit their websites to freeze your credit:
  1. Equifax: 800-349-9960 or freeze your credit online
  2. Experian: 888‑397‑3742 or freeze your credit online
  3. TransUnion: 888-909-8872 or freeze your credit online.
• Place a fraud alert on your credit file. You can do this by contacting just 1 of the credit agencies to add an alert with all 3 agencies.

For more information on how to protect your identity and recover from identity theft, visit the Federal Trade Commission’s website: https://www.identitytheft.gov/

For more tips on ways to protect yourself online, visit our resources: https://staging.thecooperativebankofcapecod.com/resources/your-security/