Newsroom Security Articles & Alerts

Online Shopping Safety for the Holidays

With the holidays already here, many of us will be purchasing items and gifts online; this has become commonplace but is especially true this year as we all deal with the COVID-19 pandemic. Adobe Analytics estimates that online sales this November and December will surge 33% year over year to a record $189 billion making the already rich pandemic cyberspace even more attractive to cyber thieves.1 Cybercrime has become an industry all on its own and gets more and more sophisticated every year and want us to live in a world of fear, uncertainty, & doubt (FUD), but we can protect ourselves by following good personal cyber-hygiene practices.

Everyone can play a role in protecting themselves, specifically around information safety and securing their systems & devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are several tips you can put into action now:

  1. LOCKDOWN YOUR LOGIN: Make a long, unique passphrase. Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, Use 2-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) whenever offered.
  2. WHEN IN DOUBT, THROW IT OUT: Links in email, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
  3. KEEP A CLEAN MACHINE: Keep all software on internet-connected devices – including personal computers, smartphones, and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
  4. BACK IT UP: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.
  5. OWN YOUR ONLINE PRESENCE: Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
  6. SHARE WITH CARE: Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
  7. GET SAVVY ABOUT WIFI HOTSPOTS: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Only connect to known Wi-Fi networks; beware of network names that have typos or extra characters. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.

The Cybersecurity and Infrastructure Security Agency (CISA) also reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.2

CISA encourages online holiday shoppers to review the following resources.

If you believe you are a victim of a scam, consider the following actions.

1 Adobe Communications Team, Oct 28, 2020
2 Online Holiday Shopping Scams, November 24, 2020

Security Articles & Alerts

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing

CISA Release Date: August 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Technical Details

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

  • Subject line: SBA Application – Review and Proceed
  • Sender: Email sender will be marked as disastercustomerservice@sba.gov
  • Body: Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting.com.br/gov/covid19relief/sba.gov

Below is a screenshot of the webpage arrived at by clicking on the hyperlink.

Click here to read the full alert.

 

Security Articles & Alerts

FBI Reports Increase in Online Shopping Scams

CISA Release Date: August 05, 2020
CISA, Revision Date: November 18, 2019

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (I3C) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to be diligent and be on alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.

Why do online shoppers have to take special precautions?

The internet offers convenience not available from other shopping outlets. You can search for items from multiple vendors, compare prices with a few mouse clicks, and make purchases from your home. However, the internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How can you protect yourself?

  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information.
  • Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, debit cards draw money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also, use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
Security Articles & Alerts

National Elder Fraud Hotline

National Elder Fraud Hotline 1-833-372-8311

Senior citizens are one of the largest groups targeted by financial fraudsters. Last year there was an estimated combined loss of over a billion dollars in elder fraud schemes nationwide. In response to the fraud, The Department of Justice launched a National Elder Fraud Hotline, which will provide services to seniors who may be victims of financial fraud.

If you or someone you know suspects that they have been a victim of fraud, call the hotline’s toll-free number 1-833-FRAUD-11 (1-833-372-8311).

The Hotline is staffed by experienced case managers who can provide personalized support to callers. Case managers will assist callers with reporting the suspected fraud to relevant agencies and by providing resources and referrals to other appropriate services as needed.

When applicable, case managers will complete a complaint form with the Federal Bureau of Investigation Internet Crime Complaint Center (IC3) for Internet-facilitated crimes and submit a consumer complaint to the Federal Trade Commission on behalf of the caller.

Security Articles & Alerts

Scam Alert: Government Relief Checks Trigger Latest Coronavirus Scam

Source: Better Business Bureau®

The proposed federal stimulus package announced this week includes sending every American a check to offset lost income from the coronavirus crisis. Scammers wasted no time in taking advantage of this news! BBB is already getting reports on BBB Scam Tracker (BBB.org/ScamTracker) about government imposters calling about the checks. Watch out for these phony government grants that ask for personal and banking information.

How the Scam Works
You receive a message or see a social media post claiming that you qualify for a special COVID-19 government grant. With the news stories about the proposed stimulus plan, you figure it must be true. You click the link and are taken to what seems to be an official website asking you to enter your personal information and/or banking details. It’s “necessary” to verify your identity and process your grant.

As always, there are several versions of this con. BBB Scam Tracker has received reports of people contacted through text message, social media posts and messages, and phone calls. One variation is a Facebook post telling seniors about a special grant to help pay medical bills. The link leads to a website claiming to be a government agency called the “U.S. Emergency Grants Federation” (phony, of course). The site requests your Social Security number under the guise of needing to verify your eligibility.  In other versions, scammers claim that you can get additional money – up to $150K in one case – or even receive your funds immediately. All you need to do is share personal details and pay a small “processing fee.” 

No matter what the message, don’t click! In addition to taking your money, these sites also can download malware to your device and use your information for identity theft.

Tips to Spot a COVID-19 Grant Scam: 

  • Remember, government agencies do not communicate through social media avenues like Facebook. So, be wary of unsolicited messages.  
  • Do not pay any money for a “free” government grant. If you have to pay money to claim a “free” government grant, it is not really free. A real government agency will not ask you to pay an advanced processing fee. The only official list of all U.S. federal grant-making agencies is Grants.gov
  • Check for look-alikes. Be sure to do your research and see if a government agency or organization actually exists. Find contact info on your own and call them to be sure the person you’ve heard from is legitimate.
  • Don’t assume an offer in a social media message is from a real friend. It’s easier for scammers to impersonate real people on social media. Call your friend to verify they contacted you (and share this Scam Alert with them if they are spreading false information).

For More Information
Read more about government grant scams in this BBB tip. For more information about scams in the wake of coronavirus, see BBB.org/Coronavirus.

If you’ve spotted a scam (whether or not you’ve lost money), report it to BBB.org/ScamTracker. Your report can help others avoid falling victim to scams.

Security Articles & Alerts

Robocall Scams Escalate – Because They Work

By Sarah Krouse

This article was originally published in The Wall Street Journal on November 21, 2019.

The FBI agent sounded official on the phone. He gave Nina Belis his badge number and a story about how her identity had been compromised. She gave him her life’s savings.

For most Americans, robocalls are an annoyance. For Ms. Belis, an oncology nurse in her 60s, a law-enforcement impersonation scam that appeared to have started with a robocall drew her into financial losses that sapped her family’s nest egg and derailed her retirement.

The scale of her loss — nearly $340,000 — and the ease with which the money was moved out of her accounts show why scam calls persist. They work, even on people who think they would never fall for one.

The caller preyed on what psychologists describe as a habitual reliance on people in authority, and kept Ms. Belis in a state of isolation and heightened emotion to cloud her judgment. He told Ms. Belis her Social Security number had been stolen and that crimes had been committed under her name, and persuaded her to transfer assets to accounts he controlled on the pretext of protecting the funds.

He coached the New York-area resident on how to satisfy compliance questions at financial institutions as she moved the funds and kept her on the phone for hours at a time.

Law-enforcement, telecom executives and psychologists who have reviewed Ms. Belis’s case say it is unique given how much money was lost. It also has all the hallmarks of government impersonation scams that have snared thousands of other consumers.

In the first nine months of the year, the Federal Trade Commission received more than 139,000 reports of fraud in which people claimed to be from the Social Security Administration, with losses totaling nearly $30 million.

In New York City alone, consumers lost $5.8 million in 523 Social Security Administration impostor scams between January and late October, according to the New York Police Department. Many of those used law-enforcement impostors to help facilitate the fraud.

The department began tracking that type of theft in greater detail this year for the first time because reports of them spiked. Victims in New York City ranged in age from teenagers to octogenarians.

The uptick in such theft speaks to a dangerous truth for consumers: It’s inexpensive and easy for fraudsters to blast out thousands of internet-based phone calls, and hard for law enforcement to trace those calls back to their origins. Even calls from overseas can be made to appear to be from a local area code.

Scammers benefit from the sheer volume of low-cost calls they can make with web technology, which has become ubiquitous in the past decade, as well as a trove of information on consumers’ email and physical addresses online, and on the dark web from data breaches, according to cybersecurity and law-enforcement officials.

Banks are required to have procedures in place to flag suspect transactions to regulators, but they have some flexibility to set those parameters. And the coaching many scammers give their victims provides them with plausible answers to questions raised. In general, there are few limits to a customer’s ability to move funds at will.

Ms. Belis knew about phone-based scams, but thought they had to do with fake insurance companies or callers who claimed a relative was in the hospital. “I never heard about things like what happened with me,” Ms. Belis said.

Ms. Belis had just started her morning shift at an ambulatory care center when she got a voice mail on Feb. 27, a Wednesday. It was from someone who claimed to be part of the “attorney general’s Social Security office” and said there was an issue with her identity.

“I was terrified, of course,” she said, and quickly called back. She gave the operator her name, and she was connected with the man posing as an FBI agent. He verified Ms. Belis’s name, address and email address and said her identity had been stolen.

Crimes ranging from drug deals to illicit money transfers had been committed under her name, the man said, and while he knew she wasn’t responsible, she would have to cooperate with the FBI and help with their investigation or be arrested. The agency would help her erase her current Social Security number and set up a new one. The combination of threats and assurances of help is common and convincing, law-enforcement officials and psychologists say.

To do that, he told her she would have to move her money out of existing accounts to ones he said were protected by the government or her assets would be frozen permanently.

A few years from retirement, Ms. Belis had emigrated from Eastern Europe, where she was a doctor, about 20 years ago with her husband, who had been a surgeon there. She said she was fearful her savings would become inaccessible.

The scammer asked Ms. Belis about her financial assets, and she told him where her accounts were and the amounts they held.

That conversation set off a string of phone calls and text messages between Ms. Belis and the scammer that spanned 50 of the next 72 hours, and extended further into the following week, records from her wireless carrier show.

The voice mail that started the scam came at a difficult time for Ms. Belis. Her husband was recovering from cancer treatment and one of her daughters had recently suffered a stillbirth.

“What’s being played on is a habitual or socially imposed reliance on people in authority,” Stephen Lea, professor emeritus at Exeter University and a psychologist who has studied fraud, said of law-enforcement-impersonation scams. “That uniform or that representation elicits trust in a situation where you might be less likely to trust.”

In some such frauds, scammers give victims phone numbers of accomplices who they say are local law-enforcement agents to help them navigate the process, sometimes using real officers’ names. That added verification contributes to their believability.

The scammer told Ms. Belis to remain on the phone, leave work and not discuss the problem with anyone.

She worried about her patients, but asked her manager for permission to leave, staying on the phone with her maroon folding phone case closed over the face of the smartphone while it remained connected.

Doug Shadel, state director in Washington for AARP, an organization that educates and assists retired people, spent more than a decade as an investigator in the state attorney general’s office and said criminals in theft cases capitalize on pulling victims into the “ether” — a mental state of heightened emotion, whether it be fear or excitement, that clouds rational judgment.

The scammer told her to make sure she had her driver’s license, pen and paper and phone charger, then told her to get in a cab.

Ms. Belis kept receipts for her taxi rides and an eventual two-night hotel stay and texted them to her scammer at his instruction. He would submit them to a courthouse for reimbursement, he said, a lie that gave her comfort he was who he claimed to be.

Her first stop was a Manhattan credit union where she and her husband had accounts including certificates of deposit.

Stand outside the bank, the scammer told Ms. Belis, don’t talk on the phone in the branch and don’t hang up. Send him a photo of the transfer request. If the teller asks, say the money is for apartment renovations.

Law-enforcement and bank officials said it can be difficult for banks to strike a balance between allowing consumers to do what they want with their money and asking questions to help them avoid scams, particularly when they are coached on how to answer compliance questions.

Many bank efforts to fight fraud take place after a transaction already goes through. In general, banks are required to report transactions of $10,000 or more. They must also report suspected money laundering or other crimes.

Many banks flag suspicious transactions of more than $5,000, and they must report certain types of activity that are atypical for a given customer. International transfers are typically blocked if the recipient is on a sanctioned list but otherwise usually proceed, even if they involve large amounts of money.

Ms. Belis initiated two transfers that February afternoon to accounts given to her by the scammer at Bank of America that totaled $40,450, her financial records show.

The scammer told Ms. Belis she was being watched by another agent and, as the bank closed for the day, instructed her to rent a hotel room. She told her husband she had to stay the night at work.

Instructions resumed early the next morning. The scammer told her to take a taxi to a credit union where she had an account in New Jersey.

She waited for an hour outside the bank for instructions on where to send the next chunk of money — an account at Panamanian bank Banistmo SA. Ms. Belis bought the taxi driver a cup of coffee and doughnut while they waited.

After sending $19,950 from the New Jersey credit union to the Panamanian account, Ms. Belis headed to Citibank, where she sent $30,500 to a Bank of America account — a different account number from those used the day before but carrying one of the same names.

Her family, meanwhile, was growing worried. She had never spent a night at work and hadn’t been in touch that day with her elderly mother, whom she called daily.

Ms. Belis asked the scammer for permission to call family members, and he told her that her cellphone was wiretapped. She should only use her phone to call him. She stayed another night in the hotel.

The next morning, Friday, brought what appeared to be good news: The agent said he had started to cancel the arrest warrant and the process would be complete once the transfers went through. He asked her to stay at the hotel for another two nights.

Ms. Belis said she became angry and so upset that she shook and asked to go back to her family. She told him she would rather be arrested than stay away from home longer.

The scammer eventually agreed but said she must not discuss the Social Security number issue.

When she returned home, her husband met her at the bus stop and said she looked pale. He had called her co-worker to ask if spending the night at work was normal, and the colleague said no, but he trusted his wife. He thought about going to see her, and then decided that she would likely be home in the morning.

Inside their apartment, Ms. Belis told him her identity had been stolen. While he had some doubts, he believed her and saw that she was scared. She didn’t tell him anything about moving money out of their accounts.

He told her that law-enforcement officials were responsible for investigating the identity theft she described, but she wanted to clear her name. His wife continued to receive calls from a person she said was investigating her case.

Later, at The Wall Street Journal’s request, executives at robocall-blocking services that study telephone network traffic looked at records tied to the phone number Ms. Belis’s caller used. The number was linked to other user-reported scams around the same time, they said.

Jim Tyrrell, senior director of product marketing at TNS Inc., said his company, which works with large carriers, detected about 100 calls from the number in February and a smaller number since then. That is a sign that the number was used for what is called “snowshoe spamming,” he said, in which scammers originate a small number of calls from a large group of phone numbers — spreading out calls to avoid detection, the way a snowshoe spreads a person’s weight out to make it possible to walk on top of snow.

The calls in question appear to have originated in India, said a spokesman for AT&T, Ms. Belis’s carrier at the time, and the number had previously been reported to law-enforcement officials.

Internet-calling technology helps facilitate another tactic popular with scammers: “neighbor spoofing,” in which scammers spoof or fake the number appearing on your smartphone screen to make it look like the caller is close to you. That makes many people more likely to answer the phone.

The number used to scam Ms. Belis was disconnected on Sept. 18 after the Journal notified the company that controlled it that the phone number had been used in a scam. Legitimate companies that sell phone numbers and low-cost internet-based calling services can sometimes be used by scammers to acquire the loads of numbers needed for fraud. Ride-sharing services, school-closure robocalls and businesses often legitimately use the services.

Over the weekend, the scam against Ms. Belis continued. The person called her to ask about her retirement savings, and she filled him in with the details. He told her she had to transfer that money to the government-protected accounts, too.

She needed her husband’s authorization to withdraw those funds and persuaded him to sign, telling him that she would go to jail if she didn’t move the money. She told him about the transfers from the prior week but didn’t show him the documents, so he didn’t know some of the funds had been sent to Panama.

A customer-service representative at her retirement-account administrator asked why she was withdrawing the $273,000 in her account, but the scammer had prepared her to answer questions. She said she was using it to open a business — the fake agent had made her believe that everything about the purported identity-theft investigation had to remain secret. She paid more than $50,000 in taxes when she withdrew the retirement funds on Tuesday, and transferred the rest to her account at Citibank.

On Wednesday, Ms. Belis sent $190,000 from her Citibank account to a second account at the Panama bank Banistmo. She believed the ordeal was over.

After dinner on Sunday, she thought the transaction had cleared and told her husband she was feeling better. He asked to see the paperwork, and she showed it to him. When he saw that the money had been moved to a bank in Panama, alarm bells rang.

“I lost my speech,” he said.

He realized it was fraud, and the couple went to see one of their daughters. They called Citibank that night to stop the transfer, but the fraud department was closed.

They went to the police and filed a report at 8:30 p.m. It was 12 days since she first received the scammer’s voice mail. Ms. Belis’s losses, including taxes she paid when withdrawing her retirement funds, the banking fees and hotel and taxi costs, totaled $337,105.

A Citibank spokesman said the bank encourages customers to be alert to confidence schemes. “In this instance, the beneficiary bank reported that the recipient received the funds on the same day they were sent,” he said. Customers who receive unsolicited and suspicious requests should file reports with law enforcement and contact the bank, he said.

Self Reliance New York Federal Credit Union didn’t respond to requests for comment. Val Bogattchouk, chief executive of Nova UA Federal Credit Union, the New Jersey credit union, said: “Our credit union is very concerned about the ever increasing frequency of fraudulent financial schemes impacting unknowing individuals, including a member of our institution,” adding the credit union works to educate its staff and customers to be vigilant and encourages international regulators to investigate and pursue scammers.

A spokesman for TIAA, the retirement-account administrator, said “customer security is a top priority, and we have robust processes in place to authenticate clients’ transactions.”

A spokeswoman for Banistmo declined to comment.

Ms. Belis said the FBI and NYPD have so far helped her recover about 8% of her money, and she recently learned she may be eligible for part of an additional $10,000 that law-enforcement officials recovered.

The family is in touch with a Citibank manager who works on security and investigations after emailing top executives about the scam. Law-enforcement officials have told her it is unlikely she will get back additional assets, particularly money sent overseas. The FBI declined to comment on the investigation.

The family has changed Ms. Belis’s phone number and purchased a robocall-blocking app. The police told them victims of fraud are far more likely to be approached by new scammers, and to fall for fraud again.

Ms. Belis said she is embarrassed but decided to share her story to help others avoid becoming victims. She had hoped to help raise her grandchildren and travel in retirement but knows those things are no longer possible. She will have to keep working.

“I know my kids won’t leave us alone, but I don’t want to use their money,” she said. “I pray to be able to work full time as long as possible.”

Write to Sarah Krouse at sarah.krouse@wsj.com

Security Articles & Alerts

College test prep scams are happening

Source: Federal Trade Commission: Consumer Information

Recently, we heard about scams targeting parents of high school students preparing for college. The scammers claim to be from The College Board – the organization responsible for the PSAT and SAT tests. They call or email you, asking for credit card numbers so they can send PSAT prep materials that the student has supposedly requested. Often the scammers have the student’s name, address and phone number – making them seem more believable. Except your student didn’t ask for materials, and it’s not this group calling.

Here are some tips to avoid a test prep scam.

  • The College Board will never ask you to give credit card, bank account or password information over the phone or via email.
  • Make sure the company offering test prep materials is legitimate. How? Before you give up your money or personal information, research the company online. Search for their name plus the word “scam” or “complaint.” See about other people’s experiences. And talk to someone you trust, like another parent or your child’s school counselor, before you pay.
  • Consider how you pay. Credit cards have significant fraud protection built in – meaning that, if you find out you paid a scammer, you may be able to get your money back if you report it quickly. And if anyone asks you to pay by wiring money or by using a reloadable card or gift card, it’s a scam.

Spotted a scam? Whether you lost money or not, let us know at ftc.gov/complaint.

Security Articles & Alerts

Spread the word about charity fraud

Source: Federal Trade Commission: Consumer Information

This week, the FTC, the National Association of State Charities Officials (NASCO), and state charity regulators are joining forces with regulators from across the world to participate in the first International Charity Fraud Awareness Week.

Make your donations count

It’s extremely important to raise awareness about charity scams to help ensure that donors’ hard-earned money goes to the worthy causes they seek to support, not to fraudsters. Would you help us spread the word? Here are a few things you can do this week:

•    Share this video with your friends and family.
•    Follow us at Facebook.com/FederalTradeCommission and on Twitter at #CharityFraudOut to get tips about donating wisely and avoiding charity scams. This week, we’ll be sharing tips on donating after natural disasters, handling telemarketing calls, privacy, online giving, and wise giving.

And here are a few tips to avoid donating to a sham charity:

•    Look up the organization online and read what others are saying about it. Search the charity’s name with the terms “scam” or “complaint.”
•    Check out the charity’s ratings with groups like the Wise Giving Alliance, Charity Navigator, Charity Watch and Guide Star. Find out how at FTC.gov/Charity.
•    Verify that the organization is registered with your state charity regulator. Most states require charities or their fundraisers to register before they can ask for donations.

Security Articles & Alerts

Cybersecurity Resources for Non-Profits

Source: Federal Trade Commission: Consumer Information

Do you work for a charity or other non-profit? If so, you know that your organization collects all sorts of private information, including details about people you serve and financial information related to donors. Your own personal information, too, is probably in your organization’s employee records. Cyber criminals would love to get their hands on that data. You can help protect your organization using the information at FTC.gov/Cybersecurity.

At FTC.gov/Cybersecurity you’ll find resources on 12 different topics including cyber scams like ransomware and phishing, key considerations like physical security and vendor security, and more technical guidance on things like email authentication. The guidance in these new materials is based on the FTC’s expertise in the area of data security, privacy protection, and scam prevention. The materials are designed for small businesses, but the same tips and information apply to charities and other non-profits.  If you collect information about people, you need to protect it.

Imagine if your donors’ credit cards are exposed because of a phishing scheme, or if your network gets blocked by a ransomware attack. That can be devastating — not just for the organization and employees like you, but also for the communities that rely on your services. To help protect your organization’s network and data, make cybersecurity part of your business routine.

You can start with these basic cybersecurity tips:
•    Use security software and set it to update automatically
•    Back up important files offline, on an external drive or in the cloud
•    Encourage your organization to have policies covering basic cybersecurity and to train employees on those policies
•    Visit FTC.gov/Cybersecurity and share the fact sheet, quizzes and videos with your colleagues.

You are now leaving The Village Bank

Weblinks – By clicking the link to an outside URL, you will enter a web site created, operated and maintained by a private business or organization. The Village Bank provides this link as a service to our website visitors. We are not responsible for the content, views, or privacy policies of this site. We take no responsibility for any products or services offered by this site, nor do we endorse or sponsor the information it contains. Village Bank is not responsible for the accessibility of this link. Email – Email is not secure. Time-sensitive requests or private information, such as account numbers, should not be sent via email.

You will be redirected to

Click the link above to continue or CANCEL

The Wayland branch renovation project is complete!
The lobby is open to customers starting Monday, January 25.
Stop in and see our exciting new look.
Skip to content