Security Center

Phishing

Thieves will send out bogus messages that appear to be from a company or government agency with whom you may or may not do business. These messages will attempt to convince you to either click on a link or call a number to get you to reveal information that can be used to steal your identity, access your accounts, or both. Phishing messages may come through email, instant messages, and even text messages.

 

What should you do:

The best thing to do if you believe a message may be legitimate is to contact the company using contact information that you know is valid such as a number from the phone book or by typing the company’s web address into your browser’s address bar.

 

Vishing

Vishing is the use of social engineering tactics over the telephone system in an attempt to gain personal information for fraudulent uses. Vishing is successful because it is hard for law enforcement to track and because the phone system is very trusted by the general public. Features like caller ID can now be forged and faked using modern tools to make the calls more believable. Customers should be very suspicious when receiving calls asking for personal information and should call the bank directly using a number they know is legitimate if they question the validity of a request.

Spoofing

A “spoofed” site is one that appears to belong to a legitimate company. The site may even look like the legitimate company’s site utilizing their colors and, perhaps, their logo. Typically a bogus email is received that asks you to supply, confirm or update sensitive personal information by clicking on a link in the email. The goal of the criminal is to get you to enter the requested information so that they can steal it for their purposes.

Business Email Compromise Scams

Six Ways to Protect Your Business

• Educate your employees.
• Protect your online environment.
• Use alternative communication channels to verify significant requests.
• Be wary of sudden changes in business practices or contacts.
• Be wary of requests marked “urgent” or “confidential”.
• Partner with your bank to prevent unauthorized transactions.

For more information, you can read the FBI’s news article about Business Email Compromise, and see the FBI’s Internet Crime Complaint Center’s public service announcement.

If you fall victim to a business email compromise scam:

• Contact your financial institution immediately to notify them about the fraudulent transfer.
• Contact your local Federal Bureau of Investigation office as they might be able to freeze or return the funds, if notified quickly.
• File a complaint, regardless of dollar loss, at IC3.gov.

 

 

Secret Shopper

Who wouldn’t love getting paid to shop and dine at cool places and then review them? Whether you’re a student looking for a summer job or someone wanting to start a side or full-time business, mystery shopping sounds like an exciting option. But while some mystery shopping opportunities are legitimate, many are scams that rob you, not pay you.

 

 

Consumer Security

OnGuardOnline.Gov
Practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect personal information.

FTC.GOV/idtheft
Resource to learn about identity theft with detailed information to help you deter, detect, and defend against identity theft.

StaySafeOnline.org
Information and tools from the National Cyber Security Alliance to help home users and small businesses stay safe.

Business Security

BBB.org Business HQ
Resource for small businesses to learn more about securing their sensitive data.

USChamber.com
Information and tools to help business owners, managers, and employees understand and adopt basic internet security practices.

PCISecurityStandards.org
An excellent resource for business customers to learn how to enhance their payment card data security. The Payment Card Industry (PCI) Security Standards Council manages security standards related to card processing.

Protect Yourself

Being proactive and taking a few simple steps can help you protect yourself from becoming a victim.

A few helpful tips to protect yourself:

• Never provide your password, credit or debit card information or PIN over the phone or in response to an unsolicited internet request unless you initiated the contact.
• Urgent appeals to act now should be resisted. Thieves often try to get you to act quickly before you have a chance to think about what you may be doing.
• Review your statements when you get them. You can also always review your accounts in real time using internet banking. If you see a suspicious transaction, contact us immediately.
• Visit here for more information on how to opt-in for electronic statement delivery. Not only are you helping the environment, but you are keeping the paper statements out of your mailbox where they could be stolen and used to steal your identity.
• Don’t agree to deposit money from someone you don’t know into your account and then wire the money back or to someone else you don’t know. Wires are like sending cash, once they have been sent you can’t get your money back.
• If something sounds too good to be true, it probably is.
• Follow our Safe Computing Tips below.
• Business customers should consider performing their own risk assessment and controls evaluation periodically to determine if additional controls are necessary to address the risks of online banking. Additional information to assist you in completing this process can be found within our Helpful Resources – above.
• Sign up for internet banking account alerts. Alerts allow you to receive email and text notifications of important account and security related activities and messages.
• Shred all account statements and any other documents containing personal data on it before throwing them in the trash.

Remember: WesBanco Bank will never contact you via unsolicited phone calls, emails, text messages, or over any other mediums to request your online banking credentials or personal information. As your bank, we already have that information on file and will therefore never request such information. If you ever question the legitimacy of a request for your information, you should contact the bank on your own to verify the request.

Run a Full Scan With Both Your Antivirus and Antispyware Software

Full scans with your Antivirus and Antispyware software can help to catch the most recent viruses and spyware that may have been installed on your computer without your knowledge. Full scans of your entire PC should be run at least daily.

Ensure Your Operating System is Up to Date

Computer operating systems need to be updated to stay current with any security patches released by the maker of your operating system. In most cases, people are running an operating system that can be configured to check for updates automatically.

Keep Your Software Up to Date

In addition to keeping your operating system up to date, you should also look for updates for the software installed on your PC. Software can be vulnerable to hacker attacks and may lead to the compromise of your system if it isn’t updated. A good rule of thumb is that if you don’t need a piece of software, remove it or don’t take the risk by installing it

Keep Your Firewall Turned On

A firewall helps protect your computer from hackers who may try to gain access to your computer and the information it contains. Software firewalls are available to protect single computers and are even included with many newer operating systems.

Review Accounts Regularly

Everyone should regularly monitor their accounts for suspicious transfers and withdrawals. Businesses should monitor their accounts daily for suspicious transactions. Customers should notify WesBanco Bank immediately of any unexpected activity.

Change Your Passwords to Banking, Email, and E-commerce Sites Regularly

Passwords are the keys to your internet kingdom. Changing your passwords regularly will help ensure the security of all your online accounts as well as the information and the money they give you access to. When changing your password, be sure to use strong passwords. Strong passwords use eight or more characters with random letters (combination of uppercase and lowercase), numbers, and symbols. In addition, you should never use the same password on multiple sites. If one site is compromised, your other accounts could possibly be accessed as well.

Be Careful What You Download

You should never open email attachments or click on links in emails from people you don’t know. You should also be wary of forwarded attachments and links from people you do know. Email attachments and links can circumvent even the best Antivirus software. Additionally, you should be wary of downloads from trusted and un-trusted sites that seem new or suspicious. If the site has been poisoned or compromised by hackers, you could unknowingly be installing a virus or spyware. If you question whether a download is necessary to access a site, you can always contact the company for further information.

If Possible Have a PC Dedicated Only to Online Banking Activities

Fraudsters and scam artists have learned that many small and medium-sized businesses use Online Banking products due to their convenience. What they have also learned is that these same businesses often do not take the time to adequately protect their PCs as outlined in these tips, nor do they regularly review their accounts for fraudulent activity. Using this knowledge, fraudsters and scam artists are now actively targeting small and medium-sized businesses using phishing attacks, email attachments, and websites designed to take advantage of operating system and software flaws. One of the most effective controls is to use a second PC or “live disk” for your banking. This PC should not be used for regular web surfing, checking email, or other projects. These activities can increase a business’s risk of unknowingly coming into contact with malicious sites and software. You should never use the computer your kids use for your online banking.

Regulation E carries out the purposes of the Electronic Fund Transfer Act. In particular, it helps protect consumers from certain erroneous or fraudulent electronic transfers made from their account. Regulation E applies to consumer accounts only, including consumer checking and savings accounts. Regulation E does not apply to transactions on business accounts, including transactions made with Online Banking for Business. If you suspect an erroneous or fraudulent electronic transfer was made from your consumer account, you should immediately contact a WesBanco Banking Center to report the transaction.