Security Resources
Century Bank is concerned about cyber security for our clients. This page is dedicated to showing you pertinent information to protect you, your businesses and your families by sharing news, updates, and articles regarding cyber security.
If you receive a message about someone streaming the funeral of someone you know, confirm that this is happening by contacting other people who would know the presumed deceased. No reputable funeral service is going to charge the attending mourners for the service; those costs would be billed to the family of the deceased who made the arrangements for the video feed. If you are asked for money to stream the funeral (or another event) of someone…it’s a scam!
Major news events are often used as subjects in phishing emails. Hurricanes and other natural disasters, the recent assassination attempt on Donald Trump, and others will not be exceptions.
The phishing emails will take a few common forms. Some may contain links to a “video” of the event which, when clicked, will attempt to load malware on your computer. Others will involve fake donation sites that collect your credit/debit card information and other financial information so they can be used for identity theft.
Be very careful when opening this type of email. Don’t click on links to a “video” in the emails. Go to a trusted news source; there will be plenty of video there. Make sure you research the organization behind any donation requests so you know your money will reach where you want it to.
Help us protect your money and personal information by being careful and “Think before you click.”
QR codes are popping up in many places. They are being used in emails (and as emails that get converted to SMS messages to your phone), because…no matter the destination of the QR code, the email filter doesn’t block it (unless it’s a very high-end filter and actually runs the code in a sandbox to test it as part of the filtering). Often these codes are sent in emails that appear to come from banks or government agencies. The sites are often copied from the real site, and thus look very official. At the very least, if the scammer can get you to provide a username and password at the site, they can test that to see if you’ve re-used the password on other sites. If they can get you to enter other information like your SSN, credit/debit card number, or date of birth, they can then use all of that to try and pretend to be you if they call Century Bank (or your credit card company).
Any email containing a QR code should be viewed with suspicion. Were you expecting the email? Can you call the sender and confirm they sent it (don’t use a telephone number included in the email with the QR code)? Any destination reached after scanning a QR code should be viewed with suspicion as well, especially if it indicates something needs to be done urgently.
Be careful and verify any QR code before scanning. If you do that, you won’t get quished!
In 2022, scammers stole over $8.8 billion from regular people like you. Think you know the five red flags of phishing in e-mail, calls, and text messages?
A common practice among fraudsters is creating a domain name that is slightly misspelled from what could be a legitimate site. That one letter difference could be the only way to know the site is a fake. The subtle difference between a domain including the word “online” and the misspelled “onlune” might be your only clue if fraudsters have cloned the real website for the target organization.
The practice is called typo squatting. Sometimes it’s used to try to get the legitimate organization to pay a premium to take over the domain so that the bad guys don’t use it when someone accidentally mistypes a word in a website name. It can also be used as a target for links sent via email or text message which people might click on if they don’t carefully read the site name. Most often the purpose of this is to direct the victim to a login page where they enter their credentials (username and password) for the real site, and the thieves capture that information. We will send you a secure access code in addition to your user ID and password. That is only secure if you never give the passcode to anyone who calls you (especially if you receive a secure access code and you haven’t recently tried to login to the site).
Remember:
1) Century Bank will not call and ask you for your password or secure access code.
2) Carefully check the name of any site you typed in, and especially of any link you were sent, to be sure there is no misspelling.
If you receive a call claiming to be from Century Bank’s fraud department or customer support, or from any other company you do business with, and you didn’t create a previous service request - the call, email, or SMS text is most likely a scam. Often the first things you are asked are to “identify yourself” by providing your Social Security number, account number, date of birth, etc., and it is collecting this information that is the real purpose of the contact.
Personal identifying information is currency in the criminal world. If a scammer can get you to give up information, they can then sell that to a site on the dark web for someone to try to put together with other information. The more data they have about you personally, the more likely they can rip you off. They can pretend to be you over the phone or by email (anywhere that they don’t have to produce official identification). There’s a reason your driver’s license is hard to fake these days, with several built-in security features: it is a backstop so scammers can’t use a fake to rip off you, the legitimate owner.
Don’t give information to anyone who calls, texts, or emails you if you didn’t initiate the exchange. Get a “case number” from the person contacting you, then look up a valid phone number, call the business back, and ask about the case number you were given. If the business doesn’t know anything about the “case” (as will most often be true) the care you have taken has just saved you money you might have lost in a future rip-off.
Note Century Bank may send you a text message to confirm (or not) a suspicious transaction. As you can see, our message only asks that you respond Y or N. No other information is requested. It is important that you respond to these messages so we know and can help protect you if thieves are faking your card in purchases. If you don’t respond to one of these texts, we may have to lock your card until we can contact you.
When you receive something unexpected by text or email remember to think before you click and call us directly.
The most recent scam links all have the word “Century” in the site name. They are using domains such as “.online” or “.tech”.
These are fraudulent – don’t click and report as JUNK:
Usermycentury.tech
Help-mycenturyreport.tech
Mycenturymember.tech
Mycenturyreport.online
Emails are also being used including not only “Century”, but “CenturyBank” as well in the sender’s name. For example:
centurybanksupport “@” servicesalert.info
mycenturysms “@” servicesalert.info
bankalerts “@” mycenturyhelp.tech
Remember, think before you click, and call us at 505.995.1200, to check anything that you don’t trust.
We will never send you a text message with a link to a web page in it!
THINK BEFORE YOU CLICK - CALL US INSTEAD!
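The two checks described above (a one-letter misspelling such as “online” versus “onlune”, and the word “Century” appearing in an unrelated site or sender name) can be applied automatically by a mail or text-message filter. The following is an added example, not Century Bank's own code; the official domain centurybank-online.example is a placeholder assumption, because this page does not state the bank's real web address.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real site, which this page does not state.
OFFICIAL_DOMAINS = {"centurybank-online.example"}
# The advisory notes that the scam links and sender names use the word "Century".
BRAND_KEYWORDS = ("century",)


def split_target(text):
    """Return (local_part, host) for a URL, a bare domain or an email address."""
    text = text.strip().lower()
    # Accept the defanged sender form used in the advisory: name “@” domain
    text = re.sub(r'\s*[“"]@[”"]\s*', "@", text)
    if "@" in text and "://" not in text:
        local, host = text.rsplit("@", 1)
        return local, host.rstrip(".")
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare domain as a host
    return "", (urlsplit(text).hostname or "").rstrip(".")


def registrable(host):
    """Last two labels of the host (simplification: no public-suffix handling)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(text, official=OFFICIAL_DOMAINS):
    """Label a link or sender address by how its name relates to the real site.

    "official" only means the name matches; it does not prove a message is genuine.
    """
    local, host = split_target(text)
    if not host:
        return "invalid"
    domain = registrable(host)
    if domain in official:
        return "official"
    # One or two characters away from the real name: typo squatting.
    if any(0 < edit_distance(domain, good) <= 2 for good in official):
        return "typosquat"
    # Brand word used in a host or sender name that is not the bank's.
    if any(k in host or k in local for k in BRAND_KEYWORDS):
        return "brand-lookalike"
    return "unrelated"


SAMPLES = [
    "https://www.centurybank-online.example/login",  # constructed: placeholder site
    "centurybank-onlune.example",                    # constructed: one letter off
    "Usermycentury.tech",                            # from the advisory
    "Mycenturyreport.online",                        # from the advisory
    "centurybanksupport “@” servicesalert.info",     # from the advisory
    "bankalerts “@” mycenturyhelp.tech",             # from the advisory
    "weather.example.org",                           # constructed: unrelated site
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):16} {sample}")
```

A name match is only the first filter: anything labelled typosquat or brand-lookalike should be treated as fraudulent and reported, as the advisory says.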
Someone is sending text messages to a large number of phones in the 505 area code (not just to our customers) with links to various sites, some of which have “century” somewhere in the name, and the link appears to load a login page for our Online Banking. If you enter your credentials, the thieves now have them. They will call you to get the one-time code we send you and then, using the information you have provided, they can set up bill pay or Zelle transfers to accounts they control with your money. Worse still, they can change the cell phone associated with your account and the password, and now they have access to your money, and you don’t.
Here are the most important things to remember:
- We will never send you a text with a link in it.
- We will never call you and ask for your SAC code (the one-time code when you log in), or debit card or account number, or your personal information (SSN, DOB, address, etc.).
- For any link, no matter how you receive it, look carefully at it. If you can’t tell exactly where the link is going - DON'T CLICK ON IT (websites can also try to infect machines that just visit them, which is another type of computer crime).
If you have any doubts or questions, think before you click and call us instead (look the number up on our website, so you know you’re getting the correct information).
We have received reports that some customers have received text messages similar to the item below. Even though the link doesn’t look like anything Century Bank related, it lands on a page that was scraped from our Online Banking main page.
If credentials are entered the attackers will then have your user ID and password.
Obviously, if you haven’t made a recent payment, this should be an easy fake to spot, but the key is that we would send you a one-time code to confirm a transaction; we would never send a link for you to tap to verify an action.
What happens if you click the link? You probably get sent to a login page that may have been ripped off from the actual US Eagle website but the username and password you enter will go to the scammers, who will then promptly use it to access the account. They will try to change the password (so you will be locked out), and then they will try to change the phone number where your alert texts are sent to a number they control (so they can capture the one-time security codes needed to complete transferring money out of the account). Until you click on the link, the only thing the scammer has is a phone number, and the off chance that you might bank with a particular institution. If you respond you give them the information they need to take your money.
It’s your money! It’s important that you look very carefully at any message (text, phone call, email, or postal mail) to make sure it’s really from a company you trust. We make every effort to keep your accounts safe. Don’t get rushed into doing the wrong thing!
The FDIC has warned that emails with the subject “New ZixCorp secured message from the FDIC” are being sent to consumers from a sender shown as fdic.notification@zixmessagecenter.com. The purpose of these emails is to take advantage of recent news involving the FDIC and to use that to try and get victims to enter their email and password, which will then be used by the scammers in attacks against other services in the event that the victim uses the same password for multiple websites.
The body of the message states:
“New ZixCorp secured message from FDIC. Click here: <link omitted> to Open Message To view the secured message, click on the above link to open message.”
The messages may include a comment stating that the message will expire at a certain date and time, to create a sense of urgency.
The linked website in the message leads to an unsophisticated page that states “Login to View Your Message” and has two data entry fields labeled “Email Address” and “Enter Your Correct Email Password.”
Don’t give any information when you receive a call that appears to be from Century Bank!
Spoofing phone numbers is easy and cheap, and crooks do it all the time. Often the crooks call from a spoofed Century Bank number. They will say they are from the fraud department and are calling about some recent charges that look suspicious. They are trying to get you to give them information that (if they really were from Century Bank) they would already have, like your Online Banking username or your secret question. Never give anything that is part of your account login (username/password/PIN/secret question), or transaction verification process (SAC code), to anyone who calls you, no matter who they appear to be. Call back to a number you looked up and entered. Don’t click on a link in an email or text message, which may not go where the visible text seems to indicate, and don’t trust the number showing on your caller ID.
Unexpected Micro Deposits could be the first sign of account compromise.
All the pieces involved in the security of your banking accounts are important…your username and password when accessing Online Banking, Secure Access Codes you receive from Online Banking, and the PIN you use as a password when accessing telephone banking. None of these should ever be given to anyone. If you suspect one has been compromised, you should immediately change it and call us at 505.995.1200.
Our Online Banking provider has detected a scam where the scammers compromise the victim’s telephone banking PIN (in many cases by asking them for it). The scammer confirms the PIN by making a micro deposit of just a few cents. This is a common first step for a new bill pay being set up. Using the compromised PIN, which they have confirmed with the micro deposit, the scammer then sets up transfers out of the account.
We have procedures in place to prevent this (as does our Online Banking provider), but the more personal information the scammer has, the harder it is for us to be certain it is not really our customer with whom we are dealing.
If you see unexpected micro deposits (especially if you are not in the process of setting up a new bill pay or setting up an external transfer arrangement), or if you suspect any of your account access credentials have been compromised, contact Century Bank immediately so we can assist you in continuing to protect your accounts!
November 8, 2022
Pay close attention…your debit card is locked! But it is a scam!
Cell phone users in the 505-area code are receiving text messages telling people to call now, your debit card has been locked!
The text message does not indicate the name of the bank that issued the “locked” card. They just use your phone number as the “account number”. But the scammers are hoping that you will not pay attention to that, because…oh my gosh, your debit card could be locked!
If you call the number, the scammers will get as much personally identifiable information as you will give them, such as your name, date of birth, Social Security number, real account numbers, and passwords. If you talk, they will keep asking questions. All that information can be used against you in future identity theft efforts.
Do not fall for the fake pressure! Don't call the number provided in text messages (or in a pop up on your computer). If you need to contact a company, look up the information at a site you know and trust, and dial the number yourself (do not click a link that may not go where it says).
Scammers are counting on you to not pay close attention and to not pause and think. Do not fall for it!
Fake Purchase Overpayment/Refund Scam email and text messages now also adding Zelle.
Customers are reporting the following: You receive an email or text message indicating that you have been charged for a recent purchase on a major name website or store. The message asks you to verify, and if this is incorrect to call the phone number in the message to prevent/reverse the charge. The message may even indicate that it comes from the fraud department. When you call the number, they apologize and offer to refund the purchase to your card or bank account, or they may ask you to use Zelle to send money to yourself. If you provide them with your account information (or they ask for remote control of your PC and you log in to the site), they will then ask for the security code you receive. Using the security code, the fraudster registers their bank account with Zelle using your information. Your payment to “yourself” goes to their account. Remember sending money with Zelle is like handing someone cash…there is little ability to get it back once sent, so…never transfer to anyone you do not know well.
In other variations of this scam, they appear to “deposit” much more than the refund amount. The scammer pretends to panic and says they will be fired if you do not get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them. The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
A few key things: 1) don’t call the number in an email or text message about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); 3) never give anyone the secure access code you were sent for a transaction (if you do, then it ceases to be secure); and 4) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
If you receive any communication like what is described above, stop, and do not give the scammer any personal information. Hang up, then call us at 505.995.1200 and let us know.
A word of caution when using Mobile Payment apps. If they are asking for your Secure Access Code…it’s a scam!
If you are doing a transaction with anyone, and they are asking for the Secure Access Code from your mobile banking app…It’s a scam!
Whether you are using the Zelle Peer-to-Peer payment option (and that should only be used for persons whom you know well), or any other option in our online banking, if you are being asked by the remote party for the Secure Access Code (SAC), the other party is trying to steal access to your bank account! We use the combination of the randomly generated and time-limited Secure Access Code, which is sent to a device we know belongs to you, and your password to secure your personal accounts. It is called multi-factor authentication. If you re-use passwords across multiple websites (which you shouldn’t), thieves may be able to easily guess or steal your password. The SAC provides an additional layer of protection for your information and your money.
Remember, Century Bank will never ask you for a Secure Access Code during a call. If you receive a call that looks like it is from Century Bank (and thieves will spoof our caller ID, it’s not hard to do), and you are asked for your SAC…hang up and contact a Customer Service representative right away. Questions? Call 505.995.1200.
Cloned apps may contain dangerous things...
Century Bank has been made aware of third-party app stores that are hosting what appear to be copies of the MyCenturyBank Mobile banking app. We are working to get these removed, because it is highly likely that these apps also include other features such as keyloggers or other malware that could compromise your personal information when entered using them. Always download apps that access sensitive personal information from either the developing company directly, or from the official Apple or Google Play stores. Those stores have measures in place to ensure that the apps they host are legitimate products and don’t contain any dangerous “extra” features.
Sometimes a social media quiz is more of a test than you might think...
If you have ever used social media, you have probably seen a “quiz” like the one below.
Which pet should you get? Answer these questions to find out:
- Have you ever traveled outside of the country?
- What town did you grow up in?
- Who is your favorite fictional character?
Now it’s time for your results: You got... a phish!
That’s right, the answers to these simple questions could give cybercriminals the data they need to gain access to your sensitive information.
How Can Cybercriminals Use This Information?
The questions in a social media quiz may seem trivial, but your answers reveal a lot about you. Let’s look at how cybercriminals could use your answers to the questions above:
Have you ever traveled outside of the country?
This question reveals whether you have a passport. Knowing which forms of identification you have could help a cybercriminal steal your identity.
What town did you grow up in?
This question reveals a detail that can be used to verify your identity. The town where you grew up could also be where you were born, where you went to high school, or where you met your partner. Cybercriminals could use this information to answer security questions and gain access to an important account.
Who is your favorite fictional character?
This question reveals your interests. Knowing what books or movies you enjoy could provide cybercriminals with a hint to crack your password. Cybercriminals could also use this information to target you on social media. Claiming to have a shared interest is an easy way for cybercriminals to appear friendly and trustworthy.
Remember These Tips to Stay Safe:
- Don’t share any information online that you wouldn’t want to make public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands.
- Social media platforms have many security options that can easily be overlooked, such as your tagged photo settings. Review and edit your privacy settings to be sure your information is kept safe.
- The next time you see a friend or family member post a quiz on social media, inform them of the risks involved. They may share sensitive information that you both have in common, such as your hometown. Cybercriminals may realize this connection, so your friend’s post could put you and others at risk.
Be cautious with where you go, and what you do when on the internet (both at work and at home) and don’t provide criminals with information that can turn you into a victim.
Could your business survive a Cyber Attack?
Did you know that 74% of all U.S. organizations experienced attempted or actual payment fraud in 2020? As partners in your financial safety, your team at Century Bank wants to remind you of the potential scams that could impact your organization. Please be vigilant. It’s not a matter of if, but rather when your organization will be attacked.
These schemes can cost your business as little as a thousand dollars or more than a million. Could your business weather a half-million or million-dollar loss? Could you possibly be terminated if your employer experiences an avoidable loss due to payment fraud when you did not follow company policy or the tips listed below?
Below we have highlighted a few of the most prevalent fraud schemes from the guide: Protecting Against Cyber Fraud, produced by the National Association of Clearing Houses.
Business Email Compromise (BEC)
Have you received an email from a vendor or your boss requesting that a wire or ACH be sent immediately or to a new bank account number? Fraudsters have been compromising or impersonating valid business email addresses to make such a request and unfortunately your most vulnerable department is accounts payable, as these departments were the target of 61% of all BEC fraud attempts in 2020. Avoid being a victim and require that you and your staff take the time to pick up the phone and call the sender to verify the validity of the request. DO NOT use the contact information in the email, use another source because you could be simply interacting with the fraudster if you use details from the email.
Vendor Impersonation Fraud
Vendor impersonation can occur when a business or organization receives an unsolicited request, purportedly from a valid contractor/vendor to update payment information. The update could be to request a wire or provide a new payment method. Avoid being a victim and take the time to call the supplier to verify the request. Be additionally diligent when the request is from a construction related contractor. Payments to contractors are a favorite target by fraudsters due to their size.
Payroll Impersonation Fraud
Fraudsters target employees by directing them to fake websites or making a request that may seem legitimate, such as an email from human resources to make a direct deposit change. Help keep your employees from becoming victims by educating them on various scams, and have a specific procedure to update direct deposit information.
Ransomware Attacks
Ransomware is a type of malware that will prevent you from accessing your computer files, system, or networks and demands you pay a ransom, via cryptocurrency, for their return. Ransomware is usually distributed through email by sending a malware-embedded attachment. Avoid being a victim by educating your staff on taking time to review emails for legitimacy and be cautious of websites that they are accessing. A few key giveaways in these emails and websites are bad grammar, misspellings, and if the sender has an odd email address. Also, check with your insurance provider to ensure you have a cyber policy with a rider that will help defray the expenses that come with recovering from a ransomware attack. Not only will you have to pay the attackers, but you will have to pay IT professionals to make sure your systems are restored and all malware is removed.
Please take the time to view the guide: Protecting Against Cyber Fraud and share with your staff and friends. As always, feel free to contact us with any concerns or questions you may have about protecting yourself and your businesses from potential fraudsters.
July 16, 2021
Fake Purchase Overpayment/Refund Scam.
Customers are reporting the following: You receive an email indicating that you were charged for a recent purchase on a major name website. The email asks you to verify, and if this is incorrect to call a phone number in the email. When you call the number they apologize and offer to refund the purchase to your card or bank account, if you provide them the information (or they ask for remote control of your PC and you log in to the site). Then, they appear to “deposit” much more than the refund amount. The scammer pretends to panic, and says they will get fired if you don’t get them the extra money back…they tell you to purchase gift cards for the “extra” amount at local stores and then read or photograph the card numbers to them.
The scam here is…they never moved any money to your account, but the gift cards you give them the numbers for, are real money out of your account!
A few key things: 1) don’t call the number in an email about a purchase you did not make; 2) don’t give anyone you don’t know remote access to your PC (and especially not when you are logged in to your online banking); and 3) if you are being asked to purchase gift cards…there is a 99.99% probability it’s a scam!
If you receive any communication like this, stop, don’t give the scammer any personal information. Hang up, then call us at 505.995.1200 and let us know.
April 13, 2021
Scammers are calling Century Bank customers indicating that they are from Century Bank Security.
During these calls the scammers ask customers for their debit card PIN, or their Secure Access Code for Online Banking, or their user ID and password for Online Banking.
Please note that Century Bank will NEVER call you, and ask for any of these things (we already know all of them except the Secure Access Code).
If you receive a call like this, stop, don’t give the scammer any personal information. Hang up, then call us at 505.995.1200 and let us know.
What are some classic warning signs of possible fraud and scams?
- Calling or emailing you, claiming to be from the government and asking you to pay money.
- Asking you to pay money or taxes upfront to receive a prize or gift.
- Asking you to wire them money, send money by courier, or put money on a prepaid card or gift card and send it to them.
- Asking for access to your money, such as your ATM cards, bank accounts, credit cards, or investment accounts.
- Pressuring you to "act now" or else the deal will go away. Or someone who seems to be trying hard to give you a "great deal" without time to answer your questions.
Call Us!
505.995.1200