Target Breach Information
On December 15, 2013, Target disclosed that almost 40 million credit card numbers had been compromised. If you have been affected by the problem, here are some things you should keep in mind:
- 1. We will notify you if your card was compromised.
- 2. Because of Visa's Zero Liability promise, credit/debit cards remain a safe way to conduct business.
- 3. Check your card activity online at www.sbsu.com (debit cards) or www.eZcardinfo.com (credit cards) and notify us immediately of unauthorized charges at the address below.
- 4. Examine your checking account and/or card statement immediately upon receipt. Report any unauthorized charges at the address below.
- 5. Failure to report unauthorized charges to us within 60 days of your statement date may result in loss of Visa's Zero Liability promise.
SBSU Card Department
377 N. Main St.
Cedar City, UT 84721
Counterfeit Check Scams
Question: How long does it take for a check to clear?
Answer: At least 5-14 calendar days even with Check 21 electronic clearing.
Criminals take advantage of the lengthy check-clearing process to steal your money. They do it by issuing counterfeit checks and requesting recipients to wire or Western Union money elsewhere as part of a phony deal. Recent schemes include the following:
- Fake lotteries, sweepstakes or drawings.
- Inheritance schemes.
- Favors for people met online.
- Mystery or Secret Shopper scams that involve "testing" money transfers.
- Collections work for people based in foreign countries.
Victims are led to believe they have won a prize, have an inheritance, or are doing legitimate service for an online contact. They receive a counterfeit check with instructions to wire part of the proceeds elsewhere for a mystery shopper test, to pay taxes or fees, or help an online "friend".
Victims forget about the fraud potential. They usually deposit the check and then send money somewhere by wire or Western Union. Federal regulations inadvertently assist criminals because banks are required to make funds available to the depositor before a check has really cleared. This provisional credit is usually the money that victims send to the criminals by MoneyGram™ or by wire.
Recall that a check clears slowly (5-14 days). A wire or MoneyGram, however, moves quickly (instantaneously). Therefore, victims take a big financial risk if they send money based upon a check that has not really cleared. If a deposited check is returned, the depositor is legally responsible for repaying the bank.
Please report to your bank any deal where you are asked or are expected to transmit money by wire or Western Union. This is especially important if you have not physically met the people you are dealing with.
Actual Scams Involving Counterfeit Checks:
Bank customers have lost thousands of dollars because they wired funds somewhere before they realized a check they received was counterfeit. Remember: Slow Check + Fast Wire = Fraud. Here are just a few of the schemes:
- Fake Lottery or Sweepstakes: Have you received check in the mail along with a letter saying that you won something or received a grant? The check is fake. It’s a trick to get you to Western Union or Money Gram money back to the crooks before you find out the check is counterfeit. Remember, checks take up to 14 days to clear while a Wire or Money Gram clears instantly.
- Mystery or Secret Shopper Scams: Victims get a counterfeit check and are then asked to secretly “test” Money Gram or Western Union by sending funds back to the crooks. It’s a great scam – if you’re a criminal. Sorry, there is absolutely no chance your “employment” is legitimate if it involves testing a money transfer service. Read the Bad News Section (below) before you leave this page.
- Work-at-home note: If the job involves processing money transfers or checks, it is really theft disguised as a job. People who think they are “investing” send you money (either checks or money transfer). You then wire the money elsewhere, usually out of the country, before the senders figure out they have been scammed. You get a percentage and a possible police record when it’s all over. What a wonderful job!
- Fake Inheritance: Victims are told that an estate from a distant relative is about to be dissolved. Criminals, posing as legal officers, convince victims that "taxes or settlement costs must be paid" by wire or Western Union before the estate can be distributed. Pressure for the victim to wire money sometimes coincides with the receipt of teaser funds sent by the criminals.
- Bad News Section: You are responsible for whatever you deposit into your account. If a check you deposited is returned as counterfeit, you are legally responsible for repaying the bank. Customers who become involved in these scams – even unwittingly – and fail to repay the bank have faced criminal charges, ruined credit and bankruptcy. Don’t let it happen to you.
- Always consider the fraud element when you are asked to Wire money to people you have not physically met.
- Any work-at-home offer that involves processing money transfers or depositing checks is a scam (see note).
- Allow at least two weeks after depositing a check before acting upon instructions to ship goods or wire money.
- Be aware that your bank may release funds from a deposited check before the check has really cleared.
- Cashier's Checks, Money Orders and business checks are often used by counterfeiters.
- Allow at least 60 days for international checks or those that say "Payable Through" to allow for routing delays.
Work-at-home note: If the job involves processing money transfers or checks, it is really theft disguised as a job. People who think they are “investing” send you money (either checks or money transfer). You then wire the money elsewhere, usually out of the country, before the senders figure out they have been scammed. You get a percentage and a possible police record when it’s all over. What a wonderful job!
Safe Online Banking Tips:
A new breed of hacker is on the prowl. Armed with sophisticated software and a desire to defraud, the only thing that stands between them and access to your online account is your cooperation. How? The crooks want you to click on a dangerous link within an E-mail to download their malware.
- Be careful what you click. Most malware is delivered via E-mail that contains a link or attachment.
- Use the mouse pointer to hover over links that say things like “Click here for details”. The true destination will appear. It may not be what you think (this one will take you to our bank’s home page).
- Do not open E-mail purporting to be from NACHA, IRS, Federal Reserve, FinCEN or a host of other government entities. Those organizations do not communicate directly with consumers via E-mail.
- Other well-known phishing hooks include messages from UPS, VISA, Master Card or some vendor claiming that something that you did not order has shipped and “click here” for details. Always contact the vendor directly for confirmation instead of clicking on a link.
- Manually type the known URL for the organization you want to reach, such as www.sbsu.com (instead of clicking on a link).
- Carefully consider the source and content of the E-mail. A friend or colleague’s computer may be infected and E-mail sent from that computer may be spreading malware. Call the person to confirm he or she sent the message if you’re not sure it is legitimate.
The best defense is to remain invisible. If you are concerned about the threat of banking malware, get a separate computer for online banking and use it for that purpose only. Do not use it for any type of E-mail (including web mail like Gmail). Do not use it for browsing. Ban your kids from it. Don’t plug memory sticks into it. Most malware is delivered via E-mail, or infected web-sites or device. If you don’t do those things, your computer is unlikely to become infected.
Ebay & PayPal Users - You are Being Targeted
Ebay and PayPal are constantly preyed upon by cyber-criminals who utilize state-of-the-art phishing methods. If you sell goods on Ebay or use PayPal, please do your homework to understand the methods criminals employ to steal your passwords and gain access to your account.
- Read the section on phishing.
- Seemingly innocent request for information about an item you are selling on Ebay may contain a link to a sinister web page that captures your log-in before passing your browser back to the legitimate Ebay site.
- Manually type the URL to Ebay or PayPal. Don't trust the links embedded in E-mail messages; they may lead to a fraudulent web page.
The moral of the story: Be careful what you click!
SBSU does not notify customers via E-mail about password resets. If you need to reset your password, we’ll ask you to do it after you have logged into our Online Banking site, not via an E-mail message.
If you get a message requesting that you reset your password, it is not from us. Moreover, links that are always inside such messages will take your web browser to a sinister portal that is designed to harvest your "old" and "new" password information while you reset them. The scam works only if you click on the link planted in the fake E-mail.Protection Points:
- We do not send E-mail requesting a password change.
- If we ever require you to change your password, you will be informed AFTER logging into our system.
- Manually type the bank’s URL's into your web browser. Do not use embedded links, which may route you through a malicious web portal.
- Contact us immediately at (435)865-2394 if you believe you are a victim so that we can take corrective action.
Phishing for Card Information
Criminals are using hi-tech trickery to get you to reveal your credit/debit card information. They use fake E-mail, text messages and plain old phone calls with startling messages to get your attention, much like the following:
- Suspected fraud on your account.
- Your ATM card has been disabled.
- Your $325 order has shipped – Click here to learn more
- Urgent message from State Bank!
- Failed Transaction notice from the [agency is listed next, such as the IRS, FDIC, FTC, Federal Reserve, or other].
Recognition is the Key: You are being phished if the message (in whatever form) leads you to reveal your entire credit/debit card numbers, expiration date and/or PIN. Don’t do it! The only time you should reveal that information is to complete a transaction which you have initiated.
Clicking on a Link: E-mail may contain a link that activates malware when clicked. It could be very dangerous to click on a link to “learn more” about your disabled ATM card, or recent order that you really didn’t order. The malware is getting more sophisticated. Be careful what you click.
What happens if you reveal information? Criminals go on a spending spree with your card numbers.
If you have revealed information: Click this link for important phone numbers (Emergency Phone Numbers). Call immediately to disable your card.
Report suspected phishing: Any message that coaxes you to reveal your entire card number, expiration date and/or PIN is criminal. Report suspicious messages as follows:
- If by E-mail, forward the message to firstname.lastname@example.org.
- If by text or voice message, call (435) 865-2394.
Do not click on links. Do not reveal your card information. Browsers and web-enabled cell-phones may be vulnerable to malicious code placed on phishing web-sites.
Legitimate fraud detection phone numbers: State Bank’s card processor places automated calls when transactions fall outside expected norms. A message may be left for you to call one of the phone numbers listed here. When you return the call, we will ask for part of your card number or the last four digits of your SSN to correctly identify you. We will never ask for your entire card number (we already know it).
Emergency phone numbers: If you need to contact us about a lost or stolen card during or after business hours.