Skip Navigation Download Acrobat Reader 5.0 or higher to view PDF files.
FDIC-Insured - Backed by the full faith and credit of the U.S. Government
Wheatland Bank
Online Banking Access

Cyber Security & Identity Theft

What is Cyber Security?

Cyber security is the practice of protecting your personal information on computers, servers, mobile devices and electronic systems from theft and cyber-attacks. Read more about tips on how to protect yourself.

 

What is Identity Theft?

In a social engineering attack, an attacker uses human interaction to manipulate a person into disclosing information. People have a natural tendency to trust and attackers exploit this tendency in order to steal your information.

Once the information has been stolen, it can be used to commit fraud or identity theft. Criminals use a variety of social engineering attacks to attempt to steal information, including: Wheatland Bank would not call or text and request full account number, full debit card information, Online Banking Credentials, or client identification information. If this is requested, you should discontinue the call and contact the bank directly at (888) 896-2577.

 

How To Protect Your Identity?

Follow these tips and best practices to help protect your identity 
 

Spoofed phone numbers

Fraudsters can easily spoof numbers to appear like a legitimate phone number in attempt to gain access to individuals account and personal information.

Fake links (URL's)

Do not follow a link provided by an unknown person. Instead, go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.

Use strong passwords

When creating a new password, pay attention to strong password requirements. Don’t use common, easily guessed passwords and change your passwords often.

Make sure passwords and password hints are stored securely. Record passwords in an encrypted file on your computer, or select another secure password storage. Don’t share your passwords with other people.

 

Keep personal information private

Never enter your financial information on a website that isn’t secure (look for the padlock or “https://” prefix in the browser address bar).

If you suspect your credit card information is being misused online, call the Customer Service phone number on the back of your card or (800) 472-3272 immediately to report your debit card as lost/stolen and to request a replacement card.

 

Secure Your Device From Cyber Threats

  • Keep software up to date.
  • Use a passcode.
  • Avoid using public unsecured Wi-Fi.
  • Beware of fake applications and links.
  • Log out of online accounts after using.
  • Set up multi-factor authentication when available.
  • Back up all personal data.


Helpful Resources:

Wheatland Bank Financial Security Center 

AARP.org - What You Need to Know to Protect Yourself Against Bank Scams

Consumer FTC - How To Avoid Imposter Scams

Consumer FTC - Phone Scams

FBI.gov - Scams and Safety

Federal Communications Commission - Avoid the Temptation of Smishing Scams

 

Learn More About Different Types of Fraud:

A business email compromise, criminals send legitimate looking emails with requests such as:
  • Invoice from a regularly used vendor with an updated ACH, Wire payment details or a different mailing address.
  • CEO requests gift cards for employee rewards and asks for serial numbers to distribute them immediately. 
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment. 
These are all real examples that criminals have used to steal thousands of dollars. 
 
HOW BEC SCAMS WORK
  • Spoof an email account or website. Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic.
  • Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
  • Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
 
PROTECT YOURSELF
  • Don't click on anything in an unsolicited email or text message asking you to update or verify any account information.  Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate. 

  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.

  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. DO NOT use the contact information provided but use Google or a previously verified phone number or email. You should verify any change in account number or payment procedures with the person making the request.
Criminals love to exploit times of disaster. These fraudulent schemes seek donations for organizations that do little or no real work. The money goes directly into the hands of the fake charity's creator. 
 
Charity fraud scams can come to you in many forms: emails, social media posts, crowdfunding platforms, cold calls, etc. Always use caution and do your research when you're looking to donate to charitable causes.
 
PROTECT YOURSELF
The following tips can help you avoid these schemes:
  • Give to established charities or groups whose work you know and trust.
  • Be aware of organizations with copycat names or names similar to reputable organizations.
  • Be wary of new organizations that claim to aid victims of recent high-profile disasters.
  • Do your research. Use the Federal Trade Commission's resources to examine the track record of a charity.
  • Give using a check or credit card. If a charity or organization asks you to donate through cash, gift card, virtual currency, or wire transfer, it's probably a scam. Learn more about this trick from the FTC.
  • Don't provide any personal information in response to an email, robocall, or robotext.
  • Check the website's address—most legitimate charity organization websites use .org, not .com.
POP UP SCAM
How the scam works:
  • Customer receives a computer pop – up saying “you’ve been scammed”
  • Gives phone number to call
  • When they call they will be connected to a Micheal Phillips
  • The scammer claims to be from Apple and gives out an employment idea and then starts scaring them and threatens to send info to the FBI of false claims.
  • The scammers are able to spoof bank phone numbers when the “loan officer” attempts to contact the customer
  • Customer is ultimately instructed to withdraw $45,000 (or other) and take it to the nearest bitcoin machine/Encrypted Federal Machine and change the cash into bitcoin.
 
INVESTMENT FRAUD
Scammers use a variety of methods to initially lure and contact victims. Here are some of the most common methods: 
  • Social Media
  • Texting
  • Dating Sites
 
Bottom Line: If you met someone through a method described above, and that person pitched an investment opportunity that involved cryptocurrency—beware: this is likely cryptocurrency investment fraud.
 
Tips for avoiding these scams:
  • Don't download or use suspicious looking apps as a tool for investing unless you can verify the legitimacy of the app.
  • If an unknown individual contacts you, do not release any financial or personal identifying information (PII) and do not send any money.
  • Do not invest per the advice of someone you meet solely online.
  • Verify the validity of any investment opportunity from strangers or long-lost contacts on social media websites. 
  • Be on the lookout for domain names that impersonate legitimate financial institutions, especially cryptocurrency exchanges. 
  • If an investment opportunity sounds too good to be true, it likely is. Be cautious of get rich quick schemes. 
  • If you already invested funds and believe you are a victim of a scheme, do not pay any additional fees or taxes to withdraw your money.
  • Don't pay for services that claim to be able to recover lost funds.
 
JOB SCAM
How the scam works:
  • Pose as employees of well-known companies.
  • Don’t ask for professional references.
  • Require you to deposit your own cryptocurrency or money transfers to perform work.
  • Claim that the more money you deposit, the larger the commission you'll make. 
  • Claim that the more tasks you perform, the more money you make.
  • Require you to check-in with a "customer service" group for each set of tasks.
  • Require you to withdraw proceeds after each round of tasks.
  • Offer bonuses randomly during the process, sometimes simply for registering your account.
  • Warn you not to tell exchanges or banks about what you’re doing.
  • Accept various cryptocurrencies, like Bitcoin, Litecoin, Tether, or Ethereum; also accept money payments.
  • Only pay your salary if you perform the work almost—if not every day.
  • Promise that when a negative balance shows up, you'll receive a much larger commission. 
  • Encourage you to take out loans to cover the large negative balance or ask family or friends for help.
  • Claim that the issuance of this task that resulted in a large negative balance is "random," or that customer service has no control over it.
  • Threaten that unless a minimum amount is deposited each day while the account is frozen, the account will never be able to be unlocked. 
 
Tips for avoiding cryptocurrency job scams:
  • Verify the validity of any offer of employment from strangers or online posts. 
  • Be on the lookout for domain names that impersonate legitimate companies.
  • Misspelled URLs may be fake.
  • If a job opportunity seems too good to be true, it likely is. Be cautious of get rich quick schemes.
  • If an unknown individual contacts you, do not release any financial or personal identifying information (PII) and do not send any money.
  • Don't accept work from home jobs from someone who randomly reaches out via text message or through social media.
Elder fraud is devastating and not going any where. Each year, millions of elderly Americans fall victim to some time of financial fraud. 
 
COMMON ELDER FRAUD SCHEMES
  • Romance scam: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scam: A type of confidence scam where criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scam: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
  • Home repair scam: Criminals appear in person and charge homeowners in advance for home improvement services that they never provide.
  • TV/radio scam: Criminals target potential victims using illegitimate advertisements about legitimate services, such as reverse mortgages or credit repair.
  • Family/caregiver scam: Relatives or acquaintances of the elderly victims take advantage of them or otherwise get their money.

PROTECT YOURSELF
  • Recognize scam attempts and end all communication with the perpetrator.
  • Create a shared verbal family password or phrase that only you and your loved ones know.
  • Search online for the contact information (name, email, phone number, addresses) and the proposed offer. Other people have likely posted information online about individuals and businesses trying to run scams.
  • Resist the pressure to act quickly. Scammers create a sense of urgency to produce fear and lure victims into immediate action.
  • Call the police immediately if you feel there is a danger to yourself or a loved one.
  • Be cautious of unsolicited phone calls, mailings, and door-to-door services offers.
  • Never give or send any personally identifiable information, money, gold or other precious metals, jewelry, gift cards, checks, or wire information to unverified people or businesses.
  • Make sure all computer anti-virus and security software and malware protections are up to date. Use reputable anti-virus software and firewalls.
  • Disconnect from the internet and shut down your device if you see a pop-up message or locked screen. Pop-ups are regularly used by perpetrators to spread malicious software. Enable pop-up blockers to avoid accidentally clicking on a pop-up.
  • Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
  • Take precautions to protect your identity if a criminal gains access to your device or account. Immediately contact your financial institutions to place protections on your accounts, and monitor your accounts and personal information for suspicious activity.
 
Health care fraud can be committed by medical providers, patients, and others who intentionally deceive the health care system to receive illegal benefits or payments. This fraud causes tens of billions of dollars in losses each year. It can raise health insurance premiums, expose you to unnecessary medical procedures, and increase taxes.
 
COMMON TYPES OF HEALTH CARE FRAUD
Fraud Committed by Medical Providers
  • Double billing: Submitting multiple claims for the same service
  • Phantom billing: Billing for a service visit or supplies the patient never received
  • Unbundling: Submitting multiple bills for the same service
  • Upcoding: Billing for a more expensive service than the patient actually received
Fraud Committed by Patients and Other Individuals
  • Bogus marketing: Convincing people to provide their health insurance identification number and other personal information to bill for non-rendered services, steal their identity, or enroll them in a fake benefit plan
  • Identity theft/identity swapping: Using another person’s health insurance or allowing another person to use your insurance
  • Impersonating a health care professional: Providing or billing for health services or equipment without a license
Fraud Involving Prescriptions
  • Forgery: Creating or using forged prescriptions
  • Diversion: Diverting legal prescriptions for illegal uses, such as selling your prescription medication
  • Doctor shopping: Visiting multiple providers to get prescriptions for controlled substances or getting prescriptions from medical offices that engage in unethical practices
always be wary of deals that seem too good to be true. Don't become a scammer’s next victim.
Every year, thousands of people become victims of holiday scams. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood.
 
COMMON HOLIDAY SCAMS
  • Non-delivery scams, where you pay for goods or services you find online, but you never receive your items
  • Non-payment scams, where you ship purchased goods or services, but you never receive payment for them
  • Auction fraud, where a product you purchase was misrepresented on an auction site
  • Gift card fraud, where a seller asks you to pay with a pre-paid card

PROTECT YOURSELF
  • Don’t click any suspicious links or attachments in emails, on websites, or on social media. Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device. 
  • Know who you’re buying from or selling to. Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information on that site. 
  • Check reviews. If you’re purchasing from a company for the first time, do your research.
  • Be wary of sellers who post an auction or advertisement as if they reside in the U.S. but then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.
  • Be careful how you pay.
    • Never wire money directly to a seller.
    • Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item. 
    • Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.
  • Monitor the shipping process.
    • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
    • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products. 
A money mule is someone who transfers or moves illegally acquired money on behalf of someone else.
 
TYPES OF MONEY MULES
Unwitting or unknowing money mules are unaware they are part of a larger scheme.
  • Often solicited via an online romance scheme or job offer
  • Asked to use their established personal bank account or open a new account in their true name to receive money from someone they have never met in person
  • May be told to keep a portion of the money they transferred
  • Motivated by trust in the actual existence of their romance or job position
Witting money mules ignore obvious red flags or act willfully blind to their money movement activity.
  • May have been warned by bank employees they were involved with fraudulent activity
  • Open accounts with multiple banks in their true name
  • May have been unwitting at first but continue communication and participation
  • Motivated by financial gain or an unwillingness to acknowledge their role
Complicit money mules are aware of their role and actively participate.
  • Serially open bank accounts to receive money from a variety of individuals/businesses for criminal reasons
  • Advertise their services as a money mule, to include what actions they offer and at what prices. This may also include a review and/or rating by other criminal actors on the money mule’s speed and reliability.
  • Travel, as directed, to different countries to open financial accounts or register companies
  • Operate funnel accounts to receive fraud proceeds from multiple lower level money mules
  • Recruit other money mules
  • Motivated by financial gain or loyalty to a known criminal group
COMMON SIGNS OF A MONEY MULE SCAM
  • Work-from-Home Job Opportunities
    • You received an unsolicited email or social media message that promises easy money for little or no effort.
    • The “employer” you communicate with uses web-based email services (such as Gmail, Yahoo, Hotmail, Outlook, etc.).
    • You are asked to open a bank account in your own name or in the name of a company you form to receive and transfer money.
    • As an employee, you are asked to receive funds in your bank account and then “process” or “transfer” funds via: wire transfer, ACH, mail, or money service business (such as Western Union or MoneyGram).
    • You are allowed to keep a portion of the money you transfer.
    • Your duties have no specific job description.
  • Dating and Social Media Sites - Dating and Social Media Sites
  • Cryptocurrency Kiosks - You are directed to deposit cash into one or more cryptocurrency kiosks.
Spoofing and phishing are key parts of business email compromise scams.
 
WHAT IS PHISHING?
Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals.
 
In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look convincingly similar to one you’ve used before.
 
But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
 
Phishing has evolved and now has several variations that use similar techniques:
  • Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
  • Smishing scams happen through SMS (text) messages.
  • Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.
 
WHAT IS SPOOFING?
Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.
 
For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.
 
Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
 
HOW TO PROTECT YOURSELF
  • Remember that companies generally don’t contact you to ask for your username or password.
  • Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
In romance scams, a criminal uses a fake online identity to gain a victim's affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.
 
The scammer wants to establish a relationship as quickly as possible, endear himself to the victim, and gain trust. Scammers may propose marriage and make plans to meet in person, but that will never happen. Eventually, they will ask for money.
 
The criminals who carry out romance scams are experts at what they do and will seem genuine, caring, and believable. Con artists are present on most dating and social media sites.
 
Scam artists often say they are in the building and construction industry and are engaged in projects outside the U.S. That makes it easier to avoid meeting in person—and more plausible when they ask for money for a medical emergency or unexpected legal fee.
 
If someone you meet online needs your bank account information to deposit money, they are most likely using your account to carry out other theft and fraud schemes.
 
 
PROTECT YOURSELF
  • Be careful what you post and make public online. Scammers can use details shared on social media and dating sites to better understand and target you.
  • Research the person’s photo and profile using online searches to see if the image, name, or details have been used elsewhere.
  • Go slowly and ask lots of questions.
  • Beware if the individual seems too perfect or quickly asks you to leave a dating service or social media site to communicate directly.
  • Beware if the individual attempts to isolate you from friends and family or requests inappropriate photos or financial information that could later be used to extort you.
  • Beware if the individual promises to meet in person but then always comes up with an excuse why he or she can’t. If you haven’t met the person after a few months, for whatever reason, you have good reason to be suspicious.
  • Never send money to anyone you have only communicated with online or by phone.

These criminals may impersonate any type of personnel appearing to offer support or assistance for the following: 

  • computer/virus support
  • virus software renewal
  • banking
  • online shopping websites
  • utility companies
  • security (including virus software renewal)
  • GPS
  • printer
  • cable and internet companies
  • cryptocurrency exchanges

HOW TECH SUPPORT SCAMS WORK
They tell you that there's some sort of issue with your device or account. They try to reach you in a number of ways, including:
  • Unsolicited phone calls or text messages claiming to be from tech support
  • Internet pop-up windows telling you to call a tech support number
  • Websites or online ads advertising a tech support number
  • Financial institutions, utility companies, or cryptocurrency exchanges
 
However the scammer gets your attention, they'll inform you that they can fix the issue for you—for a fee—and that you have to act fast. Scammers may ask you to wire cash, send a gift card, or even transfer cryptocurrency as payment. Once you grant the scammer remote access to your computer or your account, they'll steal your personal information and/or money.

HOW TO PROTECT YOURSELF
  • Slow down and think. Scammers deliberately create a sense of urgency and panic within victims to convince them to act immediately.  
  • Know that legitimate companies will never call you and offer tech support out of the blue. If you get a call like this, hang up.  
  • Never let someone claiming to be tech support to have remote access to your computer or other device. These scammers often get a victim on the phone and send them a link to download malicious software on their computer. Once that scammer is in your computer, they have access to all of your personal information and files and can potentially drain your bank accounts, too.  
  • Keep your virus scan software up to date on your computers to help eliminate pop-ups and malicious software being installed on your computer. 
All information has been sourced from FBI.gov and ConsumerFinance.gov. Visit these websites to learn more about scams and how to protect your financial information.