Social engineering is malicious act to gain access to your personal information

Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking into a website or using technical cracking techniques. Social Engineering may be perpetrated via phone, email or even in person to gain customer account information.

Bank fraud & scams

Spoof websites/Phishing

What is it?

Through the use of fraudulent techniques, internet thieves attempt to "phish" for confidential information. They attempt to steal your information by means of "pop-ups" or emails with internet links to deceive you into disclosing sensitive information (such as account numbers, your Social Security Number, or online banking credentials).

Often the email appears to be from a trusted source, like your bank, and directs you to a "spoof" website that closely resembles the real website that asks you to give sensitive information or even asks you to call a phone number and provide account information.

View fake emails and websites


What you should look out for:


  • Unsolicited requests for personal or business information. Bank of the West will never send you emails with embedded links or pop-up windows that ask for confidential information, such as your account numbers, Social Security Number, ATM or debit card number or PIN

  • Urgent appeals. Claiming your account may be closed if you fail to respond with your personal or business information. Bank of the West will never ask you to verify information in this way

  • Messages about system and security updates. Claiming the bank needs to confirm important information due to upgrades. The message may state that you must update your information online. Bank of the West will not ask you to verify information in this way

  • Offers that sound too good to be true. You may be asked to fill out a short customer service survey in exchange for money being credited to your account. You are then asked to provide your account information. Bank of the West will not conduct a survey in this way, and these are often scams

  • Typos and other errors. Be on the lookout for grammatical errors, awkward writing and poor visual design

Additional resources

We've listed some of the most popular internet scams and some ways to identify them. For more detailed information on internet scams, please visit the Federal Trade Commission (FTC) website www.ftc.gov.

Malware


What is it?


Malware or "malicious software," includes viruses, spyware and Trojans that are designed to infect or damage a computer system. Malware is often used to steal personal or business information. There are several easy ways to minimize the risk:


  • Avoid downloads from file sharing and social networking sites
  • Don’t open email attachments or install free software from strangers
  • Don’t click on pop-up ads asking for financial information
  • Regularly update your security and system software

Vishing & Phishing


What is it?


Vishing is the scam practice of using the telephone to get illegal access to private financial information. Phishing is made possible by internet-telephone services which allow computer users to establish phone numbers without verification screening. A customer may receive a fraudulent email stating their online bank accounts have been disabled and asking the caller to dial the provided phone number instead of replying via email. On the call, an automated voice then prompts the caller to enter his/her personal information which goes directly to the vishing scam artist.

Email account compromise (EAC)

EAC scams are similar to the Business Email Compromise (BEC) scams, in that the motive and method of execution is the same. However, EAC scams target individuals rather than businesses.

Like BEC scams, EAC typically are phishing emails that infect computers and devices, allowing fraudsters to gather personal information such as personal identifying information, frequently contacted financial advisors and confidential banking information. Once fraudsters have gained this information, email accounts are either taken over, or spoofed and used to request unauthorized wire transfers, ACH payments, and even checks.

How it works


  • EAC scams typically target wealthy or high profile individuals who have accountants, financial institutions or other third parties manage their finances. However, anyone can be victim

  • Fraudsters may hack into a legitimate email account, or use “spoof” email accounts, which will appear identical to legitimate email accounts making differences difficult to detect

  • Victims are generally from the U.S. who regularly conduct business, travel to, or have international ties

  • Fraudsters use EAC scams to trick victims to wire money from personal bank accounts

  • Unauthorized wire requests almost always have a sense of urgency and request strict confidentiality, are flagged as time sensitive or highly confidential. The emails may be are well-written, appear genuine and align with normal day-to-day operations. However, they could be poorly written, contain typos and appear suspicious

Business Email Compromise (BEC)

Business Email Compromise (BEC) is an increasingly common type of scam for payment fraud targeting businesses that regularly perform wire transfers.

In some instances, the fraudster may also use BEC scams to obtain employee, or personally identifiable information, such as W2 forms, that can be used to perpetrate other fraud scam schemes.

The BEC scam may start with a phishing email to, but is ultimately conducted using a combination of social engineering and infected computers and devices. This allows computer intrusion tactics that help the fraudster to identify a business’s normal procedures and protocols, including employees who are authorized to send wire transfers or release requested information.

Information obtained through these tactics can include employee email addresses, executive travel calendars, previous wire details, including frequency, amounts, account numbers, and vendor names.

BEC scams are a compromise or spoof of legitimate business email accounts—often belonging to the Chief Executive Officer or the Chief Financial Officer of a company for the purpose of conducting unauthorized wire transfers or other money movement. After compromising or spoofing the email account, usually via social engineering or malware, the fraudsters are then able to send wire transfer instructions using the victim’s email.

BEC scams typically targets businesses who conduct wire sending wire transfers; however, they may also target businesses that send ACH payments or checks. This depends on the company’s standard practices

Source: http://www.ic3.gov/media/2015/150122.aspx

Wire Transfer Fraud

Wire transfer fraud continues to be a challenge for banks and their customers. Wire transfers are an increasingly popular choice with criminals because of their speed and immediate availability of funds. Once the transaction is completed it is difficult, if not impossible, to recover the funds.

Businesses need to be especially aware of the risks associated with wire transfers. Criminals have identified opportunities to exploit vulnerabilities with internal business controls around wire processing and email requests. These emails are disguised as a trusted and known entity (vendor, supplier, broker, etc.). Learn More

Common "red flags" of Wire Transfer Fraud include:

  • An overt sense of urgency or confidentiality conveyed in the request
  • Wire transfer request contains new or modified payment instructions for known entities or individuals
  • A wire request received from an individual at the business who does not normally make these requests
  • Suspicious solicitation by email, phone, fax, by mail or from an online acquaintance or business

Reduce your risk of becoming a victim by:

  • Confirming the request with the sender verbally at a telephone number that can be verified (not what is provided to you)
  • Verify the request is legitimate through a reliable source
  • Research the request further if you have any hesitation
  • Ask questions
  • If you still have concerns, do not send the wire transfer

What do you do if you believe you fell victim to a wire fraud scam?

  • Contact Bank of the West immediately (1-800-488-2265, TTY 1-800-659-5495) and request a wire recall due to fraud
  • File a report with the Internet Crime Complaint Center at https://bec.ic3.gov/
  • Save all of the emails involved with the transaction

Money mules

How it works?

Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen money. Money mules are often recruited with job advertisements for "payment processing agents," "money transfer agents," "local processors," and other similar titles. Criminals recruit mules, send them stolen money and then have the “mule” wire or transfer the money to their accomplices, usually in another country. Mules are unaware that the money they’re sending is stolen.

In some cases, funds from unauthorized wire transfers are directed to money mules’ bank accounts. Money is then transferred from the mule's account to the fraudster. Money mules transfer stolen money either in person, through a courier service, or electronically. Typically, the mule is paid for services with a small part of the money transferred.

Victims of these scams may not only have their bank accounts closed, but are also often held financially responsible for returning the stolen funds. Using the money mule masks the criminal's identity.

Common signs of a money mule scam:

  • Overseas companies requesting “money transfer agents” in the U.S.
  • Opening new bank accounts to receive money from a stranger
  • Accepting large sums of money into your bank account for a new job
  • Transferring or wiring funds from your bank account to strangers

Contact us to report

Fraud or suspicious activity
1-800-488-2265
TTY 1-800-659-5495

Lost or stolen credit cards
1-800-996-2638

Suspicious Bank of the West emails
abuse@bankofthewest.com