LATEST FRAUD ALERTS
At NBT Bank, we're always working to keep you up to date on-and protected against-the latest scams and threats to your identity. Click the headings below to read the most recent alerts and information, so you know what to look out for when it comes to fraud.
We have been alerted to multiple SMiShing (text message phishing) attempts. The text messages imply that a transaction has been processed and instructs the recipient to clink on a link to cancel. The link will take the customer to a spoofed NBT Bank Digital Banking website where they are asked to log in, compromising their credentials and account information.
This text is not affiliated with NBT Bank. Do not respond and do not share any personal information. Please be advised that even if body of the text is different or appears to be coming from a different sender, any similar texts could be a phishing attempt.
A remote access scam typically begins with a phone call from someone who claims to have detected an issue or virus on your computer. They supposedly work for a large technology or computer software company that can fix the problem. To do so, they need access to the device and payment via gift cards, money transfer apps, or wire transfers. Here's the problem: there are no issues with your computer, and they don't need remote access.
We have recently seen a twist on this scam where fraudsters (after gaining access into the computer and the online banking account) say they are transferring you to the Fraud Department of the bank account they see in your online account.
Read the red flags below to help spot this kind of scam.
- An incoming call from a tech support company claims your computer/mobile device isn't working properly but you haven't detected any issues.
- A pop-up shows up on your computer claiming to have detected a virus with a phone number to call.
- In order to fix the issue, they need remote access to the computer/mobile device.
- You need to provide personal or financial information before it can be fixed.
- Gift cards are requested and once purchased; the fraudster asks for the numbers off the back of the card over the phone.
Tech support companies will never reach out to individuals via phone, text, or email claiming they have identified a problem. They rely on incoming calls to help their customers. If you are having an issue, call a number that you know and trust.
Once fraudsters have access to your device, they might also try and login to your online banking account. While they're logged in, they transfer your own money between accounts and claim to have provided a refund in error. They ask you to send this money on to remedy the situation in the form of gift cards or money transfers. They may ask you to set up a service such as Zelle to transfer funds. Remember to never give someone access to your online banking account by giving out your credentials or access to your device.
If you believe you have been a victim of a remote access scam, contact NBT Bank immediately at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
Here are a couple other general reminders on ongoing fraud trends:
- Never give out your online banking credentials to anyone and never share any OTP (one time pin) that may have been sent to your phone or email address.
- Do not purchase gift cards and scratch off the backs to give someone the numbers over the phone. Once the gift card numbers have been provided the money is gone.
- Do not fall for anyone asking you to mail cash to them. There are no “secure wallets” or “secure accounts” that require you to withdraw money from your bank account to put cash in the mail.
NBT Bank has been alerted to SMiShing messages (text messaging phishing) being reported. The text message (example below) states debit card has been locked. The texts appear to be coming from the numbers listed below (or other variations):
It asks customers to contact 854-223-3196. Please be advised that even if body of the text is different or appears to be coming from a different sender, any similar texts could be a phishing attempt. Do not attempt to call or text this number or provide any information.
SMiShing is a version of social engineering where fraudsters attempt to get personal or bank account information from unsuspecting consumers. Once the information has been compromised, they can use it for unauthorized transactions or use the personal information to open accounts, loans, or credit cards.
NBT Bank will not require customers to send personal information in a text message. If you receive a suspicious communication, contact that person at a number you know and trust.
If you have provided any information or have any questions, please call 1-800-NBT-BANK (1-800-628-2265) immediately. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
Fraudsters are known to impersonate people. Sometimes it’s celebrities and sometimes it might even be your friends and family. In other cases, they take it a step further and impersonate businesses that you regularly work with like NBT Bank.
As a corporate entity, fraudsters do their best to steal our company logos and photos to create their own profiles in an attempt to gain personal information from unsuspecting victims. Making the profile look more convincing makes it more likely for them to get money.
What are the red flags?
- The profile name doesn’t make sense. In the past fraudsters have used names like @hoofnbt or @nbtbank_ to impersonate our profile.
- The profile appears to be new and has very few posts or followers.
- You receive messages from the profile saying you’ve won a prize and they ask for personal or financial information to claim the prize.
- They are asking you to share online banking login credentials so they can log in on your behalf.
- Once logged in to your online banking, they ask you to confirm one-time passcodes so they can begin initiating transactions.
- While messaging the user on social media, they try to take the conversation somewhere else by giving you a phone number or separate social media account.
What should you do if you encounter one of these scam accounts?
- Do not connect with, follow or share any information with the fake profile. They could use a connection with you to validate their authenticity to others. That connection also enables them to access your images and information.
- Get receipts. Report fake social media accounts to [email protected] and include the following information if you can.
- Screenshots of the profile and any messages they may have sent to you.
- The username used on the suspicious profile.
- Report the account and any messages received to the social media platform.
- After reporting, block the user.
Remember NBT Bank will never reach out to you to ask for personal or bank account information or one-time passcodes. If you believe you have fallen victim to this scam, report it to us by calling 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
Examples of Fraudulent Accounts
Recently there has been an increase in fraudulent attempts where imposters are filing for unemployment benefits using the names and personal information of people who have not filed claims.
All 50 states are reporting an increase in fraudulent unemployment benefit attempts. Threat actors are using stolen credentials to apply for benefits in someone’s name. Victim’s typically have no idea the scam is happening until they receive a notice in the mail from the state unemployment office alerting them of the claim or in some cases a debit card is received in the mail.
How are they getting this information?
Fraudsters are gathering pieces of information on the dark web from numerous data breaches that have occurred over the years. Most states only require a social security number and a date of birth to start an unemployment claim. More than 4,500 data breaches have been made public since 2015. A total of over 816 million individual records have been breached. This information can be sold and used to try and steal identities.
What should I do if I have received a notification?
If you are alerted your information was used for a fraudulent claim, follow these simple steps:
- Report the attempt to your employer.
- Contact NBT Bank immediately by email at [email protected] and/or your primary financial institution.
- Change any passwords that have been reused or not changed in the last 90 days. Keeping your financial and online baking passwords separate from email or social media sites is key!
- Visit www.identitytheft.gov to report the fraud attempt to the FTC and get help with recovery steps. They will also assist in adding a fraud alert on your credit report.
- Review your credit report often. You are entitled to a free credit report and review the information for any incorrect information. Up until April 2021, you are eligible to one free credit report weekly. You can visit www.annualcreditreport.com.
- Contact the unemployment agency in the state where the claim was filed to notify the claim was fraudulent.
a. Note: You may not be able to speak to a live representative due to the influx of calls, but it is still important to notify them via their website or an automated hotline. The full list of agencies in NBT Bank’s footprint are located below.
- Check to see if you have been exposed on any recent compromises or data breaches. www.haveibeenpwned.com
- Consider filing a report with your local law enforcement agency of the fraudulent attempt. Get a copy of that report that you can provide to creditors or credit agencies if you fall victim to further identity theft attempts.
Join us in celebrating National Cybersecurity Awareness Month and help promote safe online practices! Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart.
This month, we’ve joined the National Cyber Security Alliance (NCSA) and the Cyber Security and Infrastructure Agency (CISA) in their campaign to “Do Your Part.” These three simple tips encompass all necessary actions to fight against cybercrime. The focus to “Do Your Part. #BeCyberSmart” is to be intentional with your online activity.
Each week we'll be diving deeper into these topics:
If you connect it, protect it: The line between our online and offline lives is increasingly becoming blurred. Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.
Securing devices at home & work: Now more than ever, we must protect the devices we have connected for personal and professional use. Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.
The future of connected devices: With technology consistently changing and evolving, future technological improvements will affect the security of our devices. No matter what change is to come, every user needs to be prepared to #BeCyberSmart. Staying informed on the changes will help you to be prepared for any threats that may come to your personal information.
October may be dedicated to raising cyber security awareness, but the effort does not stop there. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis. Throughout the month you can also join us on Instagram, Facebook, and LinkedIn as we share information about this topic. If you believe you are a victim of fraud, notify us by emailing [email protected].
The FBI, multiple state attorneys general and other agencies are warning Americans not to fall for phone calls, texts, emails, websites or door-to-door tactics asking for personal or financial information in order to receive the federal CARES Act check payment.
Funds will go out to the 90% of Americans scheduled to receive it without any additional information needed. Funds will be sent to the individual using the same channel that they receive their tax return. If a direct deposit has been set up funds will go electronically, if not, checks will be mailed out.
The IRS states on its website that no sign-up is required, and there is no need to call. Additional information will be posted when available. Visit the IRS website directly for updates.
Do not provide any personal or financial information to anyone over the phone or in person claiming to be from the IRS or any other agency to assist in receiving funds.
If you have provided your personal or financial information to someone as part of this scam please contact us at 1-800-NBT-BANK or send us an email at [email protected].
How to defend yourself and stay safe amid COVID-19 Scams
NBT would like to take this time to warn our customers to remain vigilant on an increase in scams related to the Coronavirus Disease (COVID-19). Scams could come in a variety of forms including phishing emails with malicious links or attachments to try and trick victims into revealing sensitive information. This could also come in the form of donations to fake charities. Always exercise your due diligence when opening any email related to COVID-19 and be wary of social media ads, texts or calls.
Some important tips you need to know:
- Avoid clicking on links in unsolicited emails and be wary of attachments. Email scammers often try to elicit a sense of fear or urgency in victims.
- Use trusted sources- such as legitimate government websites for the most up-to-date fact based information about COVID-19.
- Do not reveal personal information or financial information in an email, and do not respond to solicitations for this information.
- Always verify a charity before making donations by contacting the charity directly or verify the charities existence. Do not donate if the solicitor is using high-pressure tactics or insists on a cash donation.
If you have questions about this scam or think you might be a victim, call NBT Bank customer service at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
NBT Bank has received reports of customers receiving phone calls spoofing 1-800-NBT-BANK (1-800-628-2265). Spoofing is a phone call fraud attempt where the call appears to be coming from a trusted number, but it actually isn’t.
The caller poses as an NBT Bank employee referencing phony fraudulent transactions in an attempt to obtain customer’s personal and debit card information. Please note that although NBT Bank does monitor for fraudulent debit card activity and we will reach out to you to verify suspected unauthorized transactions, these calls do not come from 1-800-NBT-BANK and you will never be asked the full details of your debit card.
Read below to find more tips on how to avoid becoming a victim.
What you need to know:
- Don’t call back a phone number you don’t know.
- If you receive a phone call, avoid providing personal and debit card information.
- Verify any suspicious communication by calling a number that is known and trusted.
If you have questions or believe you have been the victim of a scam, contact the NBT Bank Call Center at 1-800-NBT-BANK (1-800-628-2265). Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
With increased uses of social media platforms and dating apps, consumers are more susceptible to fraudsters posing as someone they aren’t. What may appear to be your soulmate, could very well be a scammer. Fraudsters will often lure people in by posing as a trustworthy individual. Once they’ve done so, the conversation will often turn to money and how they can help you financially. In order to set up transfers, they will often ask for personal or financial information including login credentials, account numbers or debit card numbers.
Follow these simple tips to ensure that you don’t fall for a Lonely Heart Scam.
- Verify that the person you’re talking to is who they say they are.
- Be extra careful of individuals you’ve just met online who want to leave the site and move to other personal communication platforms like email or texting.
- Be suspicious if the conversation moves to a financial nature shortly after you’ve started talking.
- Never share financial information, such as account numbers, online credentials, and card numbers.
After you help fraudsters once, they’ll continue to find reasons for you to send them money. They might even go as far as creating a new profile under a different name after you’ve stopped communicating with them. Be mindful of how you’re spending your money and who you’re having financial conversations with.
If you believe you’ve been the victim of this scam, contact your local branchor call 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
How does it work?
Online loan fraud is a common method that scammers use to manipulate customers into giving out personal information and asking them to send funds through multiple different channels. Customers submit a loan application online that they found through an ad or website. They typically guarantee the loan will be approved regardless of credit history. The scammer asks for online banking credentials to make a direct deposit into the customer's account. The scammer deposits a fraudulent check and asks the applicant to purchase gift cards, wire the funds, or purchase a Western Union before they can receive the proceeds of the loan.
What are the red flags?
- They are asking for your online banking credentials. A legitimate financial institution will never require online banking credentials in order to take out a loan or conduct a direct deposit. It's never a good idea to share this information.
- They are asking you to purchase something with the funds that were deposited. Customers should never have to purchase gift cards or send money via Western Union before receiving the proceeds for a loan.
- They are asking you to pay an individual. Payments for a loan should not go to an individual person. Lenders will never pressure you to wire funds or transfer money via ACH.
- They aren't interested in your credit history. Legitimate lenders can never guarantee someone will be approved for a loan before they review the application.
- The upfront fees aren't disclosed. The scammer will try to say the funds from the direct deposit are for "processing," "insurance," or just "paperwork." Any fees should be clearly disclosed by the lender.
What can you do to prevent it from happening?
- Protect your personal information. It's never a good idea to share login credentials or account information, especially with someone you've never met.
- Read the fine print. If the details of the loan are hard to understand or difficult to follow, it could be a sign that it's a scam.
- Monitor your bank account for unauthorized charges. Keeping an eye on your account is always a good practice. If you see something that wasn't authorized, call your bank to ask them about it, and dispute it.
For more information on how to keep your online banking account safe, refer to the Online & Mobile Security section of the Fraud Information Center.
Personal Fraud Awareness, Prevention and Reporting Resources
Find out about agencies that provide fraud awareness, prevention tips and resources as well as fraud and identity theft reporting tools.