Scam Alerts

Scams and Fraud Alerts

As your bank, we want to help you avoid attempts to steal your information and your finances.  There are numerous scams and fraud attempts and though it would be impossible to list them all, we will list scams in our area here as we become aware of them.

Text Messaging Fraud

The latest method of communication from cybercriminals is text messaging. There are recent reports of banking scams that are circulating via text messaging.  The text messages appear to be from a financial institution, alerting the recipient that their account is locked. A link is provided, requesting that log in credentials are entered to reset the account. Links can take you to spoof sites that appear real in an attempt to steal your personal information and your money.
 

Financial institutions rarely, if ever, request that you unlock your account by a link provided in a text message. If you are unsure, go directly to your account using a bookmarked address or call your financial institution directly at a phone number that you know. When visiting websites, check for the “https” in the web address. If that “s” isn’t there, don’t proceed.

 

Do not use contact information provided in the text message or email. Fraudsters provide phone numbers and emails in hopes that you will contact them. Never give out credentials. By sharing log in credentials, cybercriminals have access to your account information.  If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.

Posted 10/30/18
 

Online/Mobile Banking Scams

Timberwood Bank has seen an increase recently in fraud involving Online Banking users. Users are recruited through Facebook or social media through what appear to be work-at-home jobs or other opportunities where the user is lured as a money transfer agent, also known as a money mule. The user is told they will receive deposits as payment into their account with instructions on withdrawing the funds and forwarding money to a designated contact person. The excess funds are to be sent back using the instructions provided by the fraudster.

The fraudster requests access to online/mobile banking usernames and passwords. The action will allow the fraudster to log in to the accounts to access mobile remote check deposit services to deposit their checks. The checks are fraudulent and will be returned. They want the money sent back out as soon as possible before the check is returned. The victim is then liable to cover those funds, many times resulting in a negative balance.

Never give out online banking credentials. No legitimate company is going to pay you by requesting access to your online banking. Any time someone requests funds to be sent back to them should be a red flag.  If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.

Posted 6/6/18
 

Tech Support Scams

Timberwood Bank has received reports of recent fraudulent tech support calls circulating. The caller claims to be from a reputable company (Microsoft or Apple). They say that they've detected viruses or malware on your computer. They claim to be "tech support" and will ask you to give them remote access to your computer, including Online Banking. Eventually, they will diagnose a problem and request payment by Western Union, iTunes gift cards, or debit/credit card.

If you receive a call, pop-up, or email of this type, do not respond and do not send money. This is a scam. Microsoft or Apple will not initiate a call due to a computer problem. These fraudsters are looking for money and can obtain personal information by gaining access to your computer.

If you did give them access to your computer, you can take these steps for further protection:

  • Turn your computer off and take it to be looked at by a professional.

  • Make sure you have up to date antivirus.

  • Change your passwords to any accounts, including online banking, social media, and other sites that you access from the computer.

  • Contact your bank or credit card company if you provided any account information, including Online Banking access.

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.

Posted 5/29/18
 

Fraudulent "Account Services" Calls

Timberwood Bank has received reports that consumers have been receiving fraudulent phone calls from someone who claims to be calling from Timberwood Bank Account Services. During the call, the caller requested card information for verification.

If you receive a phone call or email of this nature, do not respond or provide any personal information.  Timberwood Bank will not make calls of this type and will not request personal identifying information such as card information when initiating a call to a customer. If in doubt, hang up and call the bank back (608) 372-2265. 

As always, please use caution when opening emails from an unknown source and do not trust unsolicited phone calls. Never provide personal information or bank account information to an unknown, unsolicited source.

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.

Posted 2/22/18
 

Equifax Data Breach

Equifax Inc. (NYSE: EFX) announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

Not sure if your information has been compromised?

1. Visit www.equifaxsecurity2017.com, an online service Equifax has set up, to check if your information has been compromised.

2. Check all of your accounts via online services provided by your bank or credit card provider. If you don't have access to or haven't set up an online account, you can call the company directly for assistance in reviewing your accounts. Consumers should be looking for any discrepancies in their purchasing habits. Be sure to do this over the next few months! Just because the bad guys have your information now, it doesn't mean they will use it immediately.

3. Monitor your accounts closely and frequently. Balance your checkbook monthly and match credit card statements with receipts. By viewing accounts online and checking throughout the month, you'll be able to identify possible problems sooner.

4. Review your credit report every three or four months. You are entitled to one free credit report from each of the three major credit bureaus per year. Request a single report from one of the bureaus every three or four months. By staggering these requests, you will be able to monitor your cedit throughout the year.

You know your information has been compromised:

1. Contact the security departments of your creditors or bank to close the compromised account(s). Explain that you are a victim of identity theft and this particular card or account has been compromised. Ask them to provide documentation that the account has been closed. You should also follow up with a letter to the agency documenting your request.

2. Contact the three major credit bureaus (Experian, Trans Union and Equifax) via phone immediately to request a fraud alert be placed on your file. Once again, explain that you are a victim of identity theft and ask that they grant no new credit without your approval. Again, follow up with a letter to the agency documenting your request.

3. File a report with your local police department and request a copy of the report. This is good documentation to have on hand to prove your identity has been stolen as you begin the process of restoring your credit and good name.

4. Document all of your actions and keep copies of everything.

Whether you are sure or unsure your financial information has been compromised, one of your first calls should be to your bank. Your bank has a variety of resources available for customers that can help with situations like these. Their staff are also knowledgeable and more than willing to help.

Contact information for the three major credit bureaus.

 

Experian

Order credit report: 888-397-3742

Report fraud: 888-397-3742

www.experian.com

 

Trans Union

Order credit report: 800-888-4213

Report fraud: 800-680-7289

www.tuc.com

 

Equifax

Order credit report: 800-685-1111

Report fraud: 800-525-6285

www.equifax.com

Posted 9/11/17
 

"Refund" Reports

Timberwood Bank has received reports that consumers have been receiving fraudulent phone calls from someone who claims to be either from "Microsoft" or the "Government" regarding an offer to refund money that the consumer paid in ransomware. These are individuals who were recently a victim of WannaCry, Petya or some other strain of Ransomware and are now being contacted because they paid the ransom and are being offered a "refund". Some amounts mentioned during the phone call have been reported as $300 and others as $1,000 for the dollar amount. They are offering to send the refund  through PayPal, Western Union or the Routing/Account number at the consumer's bank. Some Institutions have reported that some of their customers have had funds withdrawn from their account as part of this scam.

If you receive a phone call or email of this nature, do not respond or provide any personal information.  Neither the Government or Microsoft would offer to refund these funds due to a scam. Also, the Government or Microsoft would have no way of knowing what individuals have actually paid ransomware amounts, so it would be difficult for them to know who to contact for a "refund". In fact, the person who took the funds is the one most likely to know who to call.  

As always, please use caution when opening emails from an unknown source and do not trust unsolicited phone calls. Never provide personal information or bank account information to an unknown, unsolicited source.  If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at 608-372-2265.
Posted 7/14/17
 

Petya Ransomware Infection

Across the globe there are businesses that have been the target of a cyber-attack today that utilizes ransomware that has been nicknamed Petya.  Several companies have already acknowledged that they have been affected by this.

Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it.  Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored.  Using unpatched and unsupported software may increase the risk of cybersecurity threats, such as ransomware.

As always, please be extremely cautious when opening email or visiting websites.  If you are not expecting something, don't open it.  If the sender is legitimate but the verbiage does not seem normal, call the sender with a number you have on file before clicking on links or attachments.  Now more than ever, we are being targeted by cyber criminals.  We are the best defense by being alert, informed and vigilant.   

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 6/27/17
 

Buckle Data Breach

Buckle has confirmed a recent breach. The retailer says that debit and credit card information may have been exposed. Based on the investigation, customers who used their cards beginning October 28, 2016 through April 14, 2017 may be affected. No personal information, PIN numbers, or social security numbers were obtained. At this time, Buckle does not believe that online purchases were impacted. 

Customers are advised to carefully review their statements and contact their financial institution to report any suspicious charges. If you used your card at a Buckle store from October 2016 through April 2017 and would like to order a new debit card, please contact Timberwood Bank at (608) 372-2265.   

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 6/22/17
 

Bogus IRS Certified Letters

In the latest twist, the scammer claims to be from the IRS and tells the victim about two certified letters purportedly sent to the taxpayer in the mail but returned as undeliverable. The scam artist then threatens arrest if a payment is not made through a prepaid debit card. The scammer also tells the victim that the card is linked to the EFTPS system when, in fact, it is entirely controlled by the scammer. The victim is also warned not to contact their tax preparer, an attorney or their local IRS office until after the tax payment is made.

EFTPS is an automated system for paying federal taxes electronically using the Internet or by phone using the EFTPS Voice Response System. EFTPS is offered free by the U.S. Department of Treasury and does not require the purchase of a prepaid debit card. Since EFTPS is an automated system, taxpayers won’t receive a call from the IRS. In addition, taxpayers have several options for paying a real tax bill and are not required to use a specific one.

Tell Tale Signs of a Scam:
The IRS (and its authorized private collection agencies) will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. The IRS does not use these methods for tax payments. Generally, the IRS will first mail a bill to any taxpayer who owes taxes. All tax payments should only be made payable to the U.S. Treasury and checks should never be made payable to third parties.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.

For anyone who doesn’t owe taxes and has no reason to think they do:

  • Do not give out any information. Hang up immediately.
  • Contact the Treasury Inspector General for Tax Administration to report the call. Use their IRS Impersonation Scam Reporting web page. Alternatively, call 800-366-4484.
  • Report it to the Federal Trade Commission. Use the FTC Complaint Assistant on FTC.gov. Please add "IRS Telephone Scam" in the notes.

For anyone who owes tax or thinks they do:

  1. View your tax account information online at IRS.gov to see the actual amount you owe. You can then also review your payment options.
  2. Call the number on the billing notice, or
  3. Call the IRS at 800-829-1040. IRS workers can help.

The IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds.
Posted 6/15/17
 

Kmart Data Breach

Kmart has confirmed a recent breach. The retailer says that debit and credit card information may have been exposed. Based on the investigation, customers who used their cards beginning in September 2016 through April 2017 may be affected. No personal information, PIN numbers, or social security numbers were obtained. At this time, Kmart does not believe that online purchases were impacted. 

Customers are advised to carefully review their statements and contact their financial institution to report any suspicious charges. If you used your card at a Kmart store from September 2016 through April 2017 and would like to order a new debit card, please contact Timberwood Bank at (608)372-2265.    

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 6/6/17
 

Phony telephone number scam targets veterans

There’s a new scam out there, preying on veterans who are making decisions about their medical care. The Veterans Choice Program (VCP) is an initiative of the U.S. Department of Veterans Affairs (VA). The program allows certain eligible vets to use approved health care providers who are outside of the VA system. Veterans or families can call the VCP’s toll-free number to verify their eligibility for the program.

Here’s the problem: Scammers have set up a phony telephone line that very closely resembles the VCP’s real telephone number. Con artists often use names, seals, and logos that look or sound like those of respected, legitimate organizations. This time they’re using a phone number that’s almost identical to the real thing, counting on creating confusion. You call and think you’ve reached the VCP. The fake line’s message says you’re entitled to a rebate if you provide a credit card number. But if you give up your account information, they’ll debit your account and you’ll get nothing in return.  There is no rebate and you’ll need to cancel your credit card. 

If you’re a veteran – or you’re helping one with health care – remember these tips to avoid a scammer’s tricks.

  • Be sure you’re calling the real number for the Veterans Choice Program: 866-606-8198. If you’re not sure you’ve reached the VCP, hang up. Check the VCP’s site for the real number and try again.
  • The VA – or any government agency – will not ask for your financial account information.

Visit VCP’s site to learn more about the Veterans Choice Program – or call 866-606-8198. Check out the VA’s identity theft prevention program, More Than a Number.  Report identity theft to the FTC – and get a personalized recovery plan – at IdentityTheft.gov.
Posted 5/18/17


Google Docs Scam

Timberwood Bank has received reports of fraudulent emails circulating. The emails appear to be sent from a known source inviting you to click on a Google Docs link. The email is actually a phishing email.

Always use caution when opening emails. If you receive an email of this type, do not click on the link and delete the email. Anytime that you receive an email that you were not expecting, contact the sender before clicking on any links or delete the email.

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 5/3/17
 

If Caller Asks "Can You Hear Me?" Just hang up!

Have you heard of the "Can You Hear Me?" scam? Over the past few days even we have received a couple of these scam calls at Timberwood Bank.  Our staff members did hang up, but we want to make sure you are aware of this scam as well.

The scam has long been used to coerce businesses into purchasing office supplies and directory ads they never actually ordered, but now it's targeting individual consumers, as well.

For the last few days of January, more than half of the reports to Better Business Bureau Scam Tracker have been about this one scam. Consumers say the calls are about vacation packages, cruises, warranties, and other big ticket items. So far, none have reported money loss, but it's unclear how the scams will play out over time, or if the targets will be victimized at a later date. 

Here's how it works: You get a call from someone who almost immediately asks "Can you hear me?" Their goal is to get you to answer "Yes," which most people would do instinctively in that situation. There may be some fumbling around; the person may even say something like "I'm having trouble with my headset." But in fact, the "person" may just be a robocall recording your conversation... and that "Yes" answer you gave can later be edited to make it sound like you authorized a major purchase.

BBB is offering consumers the following advice:

  • Use Caller ID to screen calls, and consider not even answering unfamiliar numbers. If it's important, they will leave a message and you can call back.
  • If someone calls and asks "Can you hear me?", do NOT answer "yes." Just hang up. Scammers change their tactics as the public catches on, so be alert for other questions designed to solicit a simple "yes" answer.
  • Make a note of the number and report it to bbb.org/scamtracker to help warn others. BBB also shares Scam Tracker information with government and law enforcement agencies, so every piece of information is helpful in tracking down scammers.
  • Consider joining the Do Not Call Registry (DoNotCall.gov) to cut down on telemarketing and sales calls. This may not help with scammers since they don't bother to pay attention to the law, but you'll get fewer calls overall. That may help you more quickly notice the ones that could be fraudulent.

Check your bank and credit card statements regularly for unauthorized charges. It's also a good idea to check your telephone and cell phone bills, as well. Scammers may be using the "Yes" recording of your voice to authorize charges on your phone. This is called "cramming" and it's illegal.
Posted 2/7/17
 

Avoid Tech Support Phone Scams

Several computer users have reported receiving calls from someone claiming to be from Microsoft or Windows Support. They claim that the computer has a serious issue and they will help repair it. They then receive a follow-up call that they are receiving a refund for services. The caller will ask you to give them remote access to your computer. Upon accessing the computer, the fraudster is now able to download malware and/or obtain personal information, including passwords.

In the recent reports that we have received, the caller is requesting remote access to view customers' online banking, so that they can verify account information to initiate the refund. They then request debit card information to process the return.

Microsoft will never contact you. Never give out personal information to an unsolicited caller. If you receive this type of call, hang up.

If you receive a website pop-up claiming you have a computer virus, do not follow the directions. Close the pop-up browser window and run a virus/malware scan on your computer.

If you were a victim of this type of scam:

  • Run a virus/malware scan on your computer.
  • Contact a local, trusted computer technician to check your computer. 
  • Change all of your passwords, including account, social media, and email passwords.
  • Contact your Financial Institution and Credit Card Company to inform them that your account may have been compromised.

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 2/4/17
 

Requesting Copies of W-2s

As we come into the tax season, please stay alert to scams that use the IRS as a lure.  Some Wisconsin school districts are receiving an email that appears to be from the IRS requesting they upload all of their W-2s.  These emails are not actually from the IRS, but are part of a scam with the intention of collecting personal information.  Right now, the scam has been limited to school districts, but any business or individual could be targeted.  Please delete and do not respond to these emails if you receive them.

As a reminder, the IRS offers these tips:

  • Don't reply to the message.
  • Don't give out your personal or financial information.
  • Forward the email to [email protected]. Then delete it.
  • Don't open any attachments or click on any links. They may have malicious code that will infect your computer.

  The real IRS will not:

  • Initiate contact with you by phone, email, text or social media to ask for your personal or financial information.
  • Call you and demand immediate payment. The IRS will not call about taxes you owe without first mailing you a bill.
  • Require that you pay your taxes a certain way. For example, telling you to pay with a prepaid debit card.

More information on how to  report phishing or phone scams is available on IRS.gov.  If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 1/23/17
 

Fake IRS Emails

With tax season upon us, scammers are once again sending fake emails. The latest phishing email claims to inform recipients of a refund notification from the IRS.  The spam email appears to be sent from the IRS and contains a subject line that reads: "Payment for tax refund # 00 [6 random numbers]" and contains a zip attachment that reads as: Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js.

 If you get a 'phishing' email, the IRS offers this advice:

  • Don't reply to the message.
  • Don't give out your personal or financial information.
  • Forward the email to [email protected]. Then delete it.
  • Don't open any attachments or click on any links. They may have malicious code that will infect your computer.

  The real IRS will not:

  • Initiate contact with you by phone, email, text or social media to ask for your personal or financial information.
  • Call you and demand immediate payment. The IRS will not call about taxes you owe without first mailing you a bill.
  • Require that you pay your taxes a certain way. For example, telling you to pay with a prepaid debit card.

Stay alert to scams that use the IRS as a lure. More information on how to report phishing or phone scams is available on IRS.gov.  If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 1/11/2016

 

House Alarm Scam

A sales agent knocks on your door, claiming he’s there to upgrade or update your house alarm or home security system. It seems like he’s with the company you use – only he isn’t. He walks in, pulls out or disconnects your old system, and installs a new one without telling you. He then asks you to sign a document – but what you don’t know is that it’s a new contract.  Most people don’t know they’ve been scammed until they get a call from their original home security system company, saying the system isn’t responding. Or they start getting bills from two different alarm companies.

Here’s what to look out for to avoid this scam:

  • Sales agents who say they represent your current security company and want to upgrade or install a new system. Or a sales person may claim that your security company has gone out of business, and say they’ve taken over your account. They might insist that you buy new equipment and sign new contracts. If that happens, call your current company to confirm, using the phone number on the paperwork you already have.
  • Sales agents who push their way into your home, or refuse to leave. It’s always safer to say no to someone on your doorstep before they come in, rather than trying to get a salesperson out of your home. Firmly tell the person no. If they continue to pressure you, close the door and call the police.
  • High-pressure or scare tactics. Limited time offers, and pressure to “act now” to protect yourself from supposed crime sprees in your neighborhood are often signs of a scam. Report it to the FTC: https://www.ftccomplaintassistant.gov/

Posted 11/12/2015 

 

Con Artists Bank on Credit Card Chip Confusion

Many banks are issuing new debit and credit cards with an embedded chip for additional security. The new chips are meant to reduce fraud, but the hype around the new cards is giving fraudsters an opportunity for scams.

How the Scam Works:

You receive an email saying that your new credit or debit card with the chip is on the way. But first you need to update your account. The message seems to be from your bank or credit card issuer. It may have the company's logo and even the reply email address.

All you need to do, claims the message, is reply and confirm your personal and banking information. Or, in another version, the message instructs you to click on a link to continue the process.

Don't do it! If you share personal information, the scammer can use it to commit identity theft. If you click on the link, you may download malware to your device. Scammers use malware to steal your personal information, send spam and commit fraud.

Tips to Spot a Phishing Scam:

  • Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
  • Consider how the company normally contacts you. If a company usually contacts you by phone, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new communications. Banks and credit card issuers have secure communications channels that require you to log into your account before you can read the message.
  • Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address.
  • Check the company's website or call them. If something sounds suspicious, confirm it by checking with the bank or credit card issuer. The customer service phone number will be on the back of the card. If you want to look on the company's website, look for the URL on your statement or do a web search. DON'T click on any links in the message you suspect is a scam.
  • Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of messages that don't contain your name, last digits of your account number or other personalizing information.

Please Note: Timberwood Bank will begin issuing EMV (chip) Cards in the near future. These cards will be distributed as current cards expire. Timberwood Bank will not solicit customers by email to obtain personal information. If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at (608) 372-2265.
Posted 11/3/2015
 

Grandparent (Family Emergency) Scam

Scammers may pose as relatives or friends, calling or sending messages to urge you to wire money immediately. They’ll say they need cash to help with an emergency — like getting out of jail, paying a hospital bill, or needing to leave a foreign country. Their goal is to trick you into sending money before you realize it’s a scam.  Scammers Use Tricks:

  • They impersonate your loved one convincingly.  It’s surprisingly easy for a scam artist to impersonate someone. Social networking sites make it easier than ever to sleuth out personal and family information. Scammers also could hack into the e-mail account of someone you know. To make their story seem legitimate, they may involve another crook who claims to be an authority figure, like a lawyer or police officer.
  • They play on your emotions.  Scammers are banking on your love and concern to outweigh your skepticism. In one version of this scam, con artists impersonate grandchildren in distress to trick concerned grandparents into sending money. Sometimes, this is called a “Grandparent Scam.”
  • They swear you to secrecy.  Con artists may insist that you keep their request for money confidential – to keep you from checking out their story and identifying them as imposters. Victims of this scam often don’t realize they’ve been tricked until days later, when they speak to their actual family member or friend who knows nothing about the “emergency.” By then, the money they sent can't be recovered.
  • They insist that you wire money right away.  Scammers pressure people into wiring money because it’s like sending cash – once it’s gone, you can’t trace it or get it back. Imposters encourage using money transfer services so they can get your money before you realize you’ve been scammed.

Verify an Emergency:  If someone calls or sends a message claiming to be a family member or a friend desperate for money:

  • Resist the urge to act immediately, no matter how dramatic the story is.
  • Verify the person’s identity by asking questions that a stranger couldn’t possibly answer.
  • Call a phone number for your family member or friend that you know to be genuine.
  • Check the story out with someone else in your family or circle of friends, even if you’ve been told to keep it a secret.
  • Don’t wire money — or send a check or money order by overnight delivery or courier.
  • Report possible fraud at ftc.gov/complaint or by calling 1-877-FTC-HELP.

Re-Posted 6/29/2015

 

OPM Breach

In June 2015, the Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people.  Later, the FBI put the number at eighteen million.  The data breach, which had started in March, 2014, and may have started earlier, was noticed by the OPM in April 2015. It has been described by federal officials as among the largest breaches of government data in the history of the United States.

Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. The hack went deeper than initially believed and likely involved theft of detailed background security-clearance-related background information.

Timberwood Bank strongly encourages that you obtain and review your annual free credit report from any of the three national credit bureaus: Equifax, Transunion, or Experian.  If you believe your information has been compromised or if you have any questions, don’t hesitate to contact Timberwood Bank at (608) 372-2265 .
Posted 6/29/2015

Con Artists Targeting Student Loan Holders

How the Scam Works:  You get a phone call, email or spot a post on social media that claims a company can erase your student loan debt. Many claim that their service is made possible by a new government program or policy.  The company asks for an upfront fee to negotiate with your student loan lender on your behalf. They will claim they've helped numerous other clients, but don't believe them! Student loans can only be forgiven under specific circumstances, which are not fast or easy.  These scammers will take your fee and disappear.

In another version of the student loan scam, con artists claim that they can save you money by consolidating your loans. Some charge a fee for using a free government service. Others may actually move your loans to a private lender with a higher interest rate.   How to Spot a Student Loan Scam:

  • Never pay upfront. Real lenders will take a percentage once their service is complete. You don't need to pay an upfront fee beforehand.
  • Know your options.  If you are having trouble paying your student loans, contact your lender directly. You can research programs offered by the federal government.
  • Never give a 3rd party power of attorney. Don't sign anything giving a company the power to negotiate on your behalf. A scam company can use this to take control of your loans.
  • If it seems too good to be true... It probably is. Any company that claims it can erase your student loan debt in minutes is lying. Don't bother responding to the ad or email.  
    Posted 6/23/2015
     

Sally Beauty Breach

Sally Beauty Supply now says that it has "sufficient evidence to confirm that an illegal intrusion into our payment card system has indeed occurred."  The news comes 10 days after Sally Beauty announced that it was investigating reports of "unusual" card activity that had been brought to its attention.

Cardholders are encouraged to review their statements closely and report any unauthorized activity immediately. Scammers often start with small amounts to test the card without the victim noticing. Any card that has unauthorized activity should be closed immediately to avoid additional unauthorized activity.  If you have any questions, contact Timberwood Bank at (608) 372-2265.
Posted 5/15/15
 

Calls from the IRS (most recent number: 415-324-0491)

“…The issue at hand is extremely time sensitive.  I am Officer Nicki Johnson from Internal Revenue Service and the hotline to my division is 415-234-0491.  I repeat 415-324-0491.  Don’t disregard this message and do return the call before we take any action against you.  Goodbye and take care.”

An excellent resource for IRS related Tax Scams is www.irs.gov.  Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.
Posted 3/17/2015
 

Post Office Box Stolen

The Monroe County Sheriff's Department reported that a U.S. Mail drop box was stolen sometime between 1 p.m. Nov. 22 and 8 a.m. Nov. 24 outside the Warrens Post Office building in the village's downtown. There was likely a significant amount of mail in the box.

Anyone who placed mail in the box over the weekend is encouraged to call the Monroe County Sheriff's office and the Post Office with the date and time the letter was dropped.

People who mailed items from the stolen box are also encouraged to monitor their bank accounts for any suspicious activity related to the use of personal information.

If you have any questions, or if you feel that you were a victim of this type of fraud, please contact Timberwood Bank immediately at 608-372-2265.
Posted 11/25/2014

 

Pizza Hut "Free Pizza" Email Scam

There is an email circulating announcing Pizza Hut’s 55th  anniversary. It offers a free pizza by clicking on the “Get Free Pizza Coupon” button. By clicking on the coupon button, you will install malware on your computer.  Scammers create emails to look like they are legit and often times even use the company’s logo in the email. If you look closely at the Pizza hut email scam, there are some red flags:

  • The sender’s email address is not a Pizza Hut email address.
  • The coupon link doesn’t show pizzahut.com.
  • If you visit Pizza Hut’s website, it doesn’t have any advertising for the “55th anniversary free pizza offer”.
  • Searching for Pizza Hut’s 55th anniversary online brings up news articles for discounted pizza that are dated last year.
  • If you have not signed up for email discounts, it is unlikely that a company would send you discounts.

As always, never click on links in emails that you weren’t expecting.
Posted 11/6/2014
 

Kmart Data Breach

Kmart has confirmed a recent breach. The retailer says that debit and credit card information may have been exposed. Based on the investigation, customers who used their cards beginning in September through October 9 may be affected. No personal information, PIN numbers, or social security numbers were obtained. At this time, Kmart does not believe that online purchases were impacted.

Customers are advised to carefully review their statements and contact their financial institution to report any suspicious charges. If you used your card at a Kmart store from September 1 through October 9 and would like to order a new debit card, please contact Timberwood Bank at 608-372-2265.
Posted 10/13/2014

 

Home Depot Data Breach

Home Depot announced a credit card breach earlier this month. Investigation has found that more than 282,000 credit and debit card numbers were stolen from Wisconsin stores during the breach. The company reported that information was captured when customers swiped their cards at the cash registers, but not purchases made online. The breach potentially affected all stores in the US and Canada.

Timberwood Bank is strongly encouraging customers to review their statements closely for any unauthorized purchases. Any unauthorized purchases should be reported to your financial institution immediately. If you believe you used your credit or debit card at any Home Depot location during the affected timeframe of April to September, please contact the card issuer to request a replacement card.

Home Depot has announced that they will offer a free credit monitoring and identity theft protection to any customer who shopped at Home Depot and paid with a card since April 1. Please be cautious of unsolicited calls and emails claiming to be from Home Depot or its credit monitoring company. Phishing scams often circulate in an attempt to obtain bank account information, social security numbers, and other sensitive information.
Posted 9/19/2014

 

Robocalls Target Wisconsin

Wisconsin residents have reported receiving numerous calls within the past few days. The callers advertise lower credit card interest rates and and ask for the recipients card number. These calls are likely coming from overseas using a software to make any business or local number appear on the caller ID to trick the consumer into answering their phone. This technique is known as "spoofing".

Do not rely on caller ID and never give out personal information, such as financial information or social security numbers unless you initiated the call.
Posted 6/18/2014

 

Department of Revenue Email Scam

Emails claiming to be from Wisconsin Department of Revenue are alerting recipients that they owe Wisconsin taxes and could face penalties. If you receive this type of email, delete the email and do not click on any attachments. By opening the attachment, it could damage your computer or allow the scammer to collect personal information.

In one example, the subject of the email was "Payment notice #103831". The email stated that the recipient owed $162.85 and details were in the attachment. Another email gave a deadline of July 11, 2014.

The Wisconsin Department of Revenue will not initiate an email to discuss taxpayer information. In addition, they will not contact you by phone or email to request personal information.
Posted 5/28/2014

 

Facebook Email Scam

A new phishing email claiming to be from Facebook is circulating. The email states that it has been a while since you checked your account and states that your messages will be deleted. This is an attempt to obtain log-in credentials. If you receive this email, do not click on the link and delete the message. As a reminder, there are security settings that can be changed within the Facebook site to provide you with additional security. When receiving emails, always use caution when clicking on links.
Posted 5/27/2014
 

eBay Breach 5/23/14

eBay is requesting that that its users change their passwords following a data breach that exposed the records of 145 million of its users.

Compromised information includes encrypted passwords, customer names, e-mail addresses, mailing addresses, phone numbers, and dates of birth. According to company reports, financial information was not compromised. However, eBay customers are still at risk of identity theft due to the amount of sensitive data that was breached.

Please keep in mind that if you are an eBay customer, the password that you use for that site may be the same password that you are using for other sites (Online Banking, Facebook, Amazon, etc). If this is true, please consider changing your password for those sites also.

As always, please be aware of phishing emails or phone calls. Never release sensitive information.
Posted 5/23/2014
 

The Heartbleed Bug

What is Heartbleed Bug?  The Heartbleed bug is vulnerability in openSSL software that is used to encrypt information on the Internet. The flaw allows attackers to gain access to important encryption keys that protect website user information.  What is the danger of the Heartbleed bug?  The Heartbleed bug could cause serious issues:

  • Two-thirds of websites on the internet are vulnerable.
  • The Heartbleed Bug has gone undetected for more than two years, causing a large exposure and risk of exploitation.
  • The Heartbleed bug leaves no trace.

How can I protect myself from the Heartbleed bug?  It is especially important that you change your password on secure sites after they have been updated to fix this flaw.  This would include sites such as online banking, social media sites, online retailers, credit card companies and any site that has personal or secure information.  It is extremely important that you change your password AFTER the flaw has been fixed by an update or patch. Experts are also advising that internet use be limited for a few days.

**Timberwood Bank has responded to the reports of the internet security flaw this week. All of our banking systems have been evaluated and no issues have been detected. Due to this recent security event, however, we encourage all customers to that this opportunity to change their password and MFA questions as an added precaution.**
Posted 4/10/2014

 

Deed Scam Tricks New Homeowners Into Buying Useless Documents

Scammers doing business under multiple names - including Record Transfer Services - are soliciting consumers nationwide who conducted recent real estate transactions. The company tries to trick people into paying more than $80 for useless property records, including deeds that they can get for a few bucks from their county government. Among the victims of the deed scam are new homeowners in Wisconsin. They are deceived by Record Transfer Services' formal-looking letter, which looks like a government bill and asks for an $83 "document fee" for a deed and "real property records" by a certain deadline.

Anyone who would like a copy of their deed can get one from their county register of deeds office.
Posted 2/14/2014
 

BBB Warns of "One Ring" Cell Phone Scam

The Better Business Bureau Serving Wisconsin is warning cell phone users about a new scam that can result in unauthorized charges appearing on their monthly wireless statement.  It's called the "One Ring" scam because the scammers program computers to send thousands of calls to random cell phone numbers, ring once and then disconnect. The scammers then hope you are curious enough about the phone call that you return the call right away.  When the cell phone owner returns the call, they are charged $19.95 for an international call fee. After that, there is a $9.00 per minute charge. It’s reported that often they will first hear music followed by advertising. So,it’s easy to see how quickly these charges can add up.

Consumers who have been duped by these calls report that they are coming from the Caribbean Islands including Grenada, Antigua, Jamaica and the British Virgin Islands. If a person thinks they may have fallen for this scam, they should immediately alert their cell phone carrier and keep an eye on their cell phone bill. The earlier they document the fraud, the better their chances of having some or all of the charges removed.

To be as safe as possible, the BBB recommends the best thing to do if your phone rings and it's an international number you don't recognize, don't answer it and don't call back.

For more information on scams and to report a scam visit BBB Scam Stopper.
Posted 1/31/2014

 

Credit card scam alert: Mysterious $9.84 charges appearing on accounts

If a strange, unauthorized charge of $9.84 appears on your credit card from a website you don't recognize, it may be the "$9.84 scam." Since December, hundreds of consumers nationwide have complained in forums online about seeing unauthorized charges on their credit and debit card accounts from a website they've never heard of - typically for $9.84. So far, no one knows how the scammers obtained their credit card information. Complainants say the unauthorized charges were listed as stemming from an unknown website - most commonly EETsac.com but also TDWcs.com, IEWcs.com, CEWcs.com, SEWcs.com, IAWcs.com, FEOsac.com and CWEBcs.com. Milwaukee Journal Sentinel

Cardholders are encouraged to review their statements closely and report any unauthorized activity immediately. Scammers often start with small amounts to test the card without the victim noticing. Any card that has unauthorized activity should be closed immediately to avoid additional unauthorized activity.
Posted 1/31/2014

 

Target: 40M card accounts may be breached

Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. The chain said that accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have been exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. The data breach did not affect online purchases. Milwaukee Journal Sentinel

If you used your Timberwood Bank debit card at Target stores during this time period, please contact Timberwood Bank at 608-372-2265.
Posted 12/19/2013