{beginAccordion}

Current Scams

Fraudsters are relentless in their development of scams to outsmart the existing authentication controls put in place to protect account information. Here some of the recent scams:

Mortgage Mailing Scam Alert

Please be aware of a mailing being sent to Isabella Bank customers regarding their mortgage. In the mailing, it asks customers to call the phone number listed to discuss an important matter regarding their loan. 

Isabella Bank did not send out this mailing and the phone number listed will not direct you to an Isabella Bank employee. The phone number will lead you to a company attempting to sell mortgage insurance. 

Please remember, Isabella Bank will not contact you asking for personal information. Our customer's security always comes first and protecting your information is paramount to all of us at Isabella Bank. 

 

FTC Giving to Help in Ukraine? Get Your Money Where You Mean it To Go  –

As ever, when scammers spot a crisis in the world, they are there to take advantage. After disasters, scammers will set up fake charities that look and sound like real ones to try to get your money.

Millions of people want to help support individuals in the Ukraine right now. If you’re one of them, take a moment to make sure your generosity is really benefiting the people and groups you intend.

Here are some places to start:

• Check out the organization. Search online for the name of the group, plus words like “review,” “scam,” or “complaint.” See if others have had good or bad experiences with the charity, as well as what charity watchdog groups say about that organization.

• Slow down. You don’t have to give immediately. It is a good idea to do some research first to make sure your donation goes where you want it go.

• Find out how your money will be spent. Ask, for example, how much of your donation will go to the program you want to help? If someone calls to ask to donate, they should be able to answer those critical questions.

• Know who’s asking. Don’t assume a request to donate is legitimate because a friend posted it on social media. Your friend might not personally know the charity or how it spends money.

• Look at fees and timing, especially if you’re donating through social media. Be sure to make sure what organization your donation goes to, check whether there are fees, and how quickly your money gets to them. If you can’t find the answers quickly, consider donating in other ways.

 

Michigan Catastrophic Claims Association Scam Alert

Insurance companies are raising awareness of scammers who are taking advantage of the Michigan Catastrophic Claims Association’s (MCCA) return of surplus funds to Michigan auto insurance policyholders. Scammers are calling people pretending to work for insurance companies and are asking for personal bank information to direct deposit your refund. Please remember that it is important to never give out personal information over the telephone and that the surplus funds are to be sent out by check, not direct deposit. If you receive a call regarding your MCCA refund, contact your insurance company directly to verify the information request and inquire about how you can provide the information securely, if necessary.

The Michigan Department of Insurance and Financial Services provides more information regarding the Michigan Catastrophic Claims Association refunds on their website to answer any questions you may have.

 

ISN Corporation Scam

What is the ISN Corporation Scam? ISN Scam ISN Scam is the new scam that has been affecting many mortgage loan borrowers across America. Some complain that they are receiving fraudulent letters in which it is an indication they have a mortgage that will be being transferred to NOVAD and they are required to pay a further amount to ISN Corporation.

The letter contains the address and contact numbers for ISN Corporation, and it appears authentic. However, there’s no authentic confirmation by the agency or the bank. Therefore, it should not be taken as. The public is advised to ignore the letter ISN Corporation Scam letter and to avoid paying ISN Corporation until the borrowing agency or bank asks.

Some More Information About The ISN Corporation Scam: After reviewing a variety of variables, it’s been established there is no doubt that this ISN Corporation Letter people are receiving is a fraud and is not genuine. Some of the evidence which support the claim include:

  • The documents that people receive are sketchy, as stated in comments. The letterhead is an imitation and not the original, with a blurry and sloppy logo.
  • It is clear that the letter from the ISN Corporation Scam letter isn’t from the agency or bank which reverse mortgage credit was taken. It is a sign that the loan is fraudulent.
  • Additionally, many have stated on the fact that the email they received was from NOVAD informing the recipients to pay ISN Corporation, which has nothing to have anything to do with the bank that borrowed or the agency.
  • Additionally, those who don’t have any mortgage loans are also getting the fraudulent note, warning that this is a scam and should be discarded.
  • ISN is a legitimate company, however it works with National Security and IT related products and has nothing to do with mortgage servicing.

 

Money Mules Fuel Fraud

What are money mules? Money mules are people who recieve and move money obtained by victims of fraud. Some money mules know they’ve been recruited to assist criminal activity, but others become money mules without realizing their activity is benefiting fraudsters.  Learn more here.

Social Security issues scam alert

The Social Security Administration is raising awareness of phone scammers who are telling people that there is a problem with their Social Security number or account or that they are losing benefits. The agency offers articles, blogs and other materials on its website that institutions can use to notify customers.

Tech Support Scam 

The subject claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Some subjects are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. The subject claims the company has received notifications of errors, viruses, or security issues from the victim's internet connection. Subjects are also claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations.

Technical Details

Initial contact with the victims occurs by different methods. Any electronic device with Internet capabilities can be affected. 

  1. Telephone: This is the traditional contact method. Victims receive a “cold” call from a person who claims the victim's computer is sending error messages and numerous viruses were detected. Some victims report the subjects have strong foreign accents.
  2. Pop-up message: The victim receives an on-screen pop-up message claiming viruses are attacking the device. The message includes a phone number to call to receive assistance.
  3. Locked screen on a device (Blue Screen of Death - BSOD): Victims report receiving a frozen, locked screen with a phone number and instructions to contact a (phony) tech support company. Some victims report being redirected to alternate websites before the BSOD occurs. This has been particularly noticed when the victim was accessing social media and financial websites.
  4. Pop-up messages and locked screens are sometimes accompanied by a recorded, verbal message to contact a phone number for assistance.

Once the phony tech support company/representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device. 

If the device is mobile (a tablet, smart phone, etc.), the subject often instructs the victim to connect the device to a computer to be fixed. Once the subject is remotely connected to the device, they claim to have found multiple viruses, malware, and/or scareware that can be removed for a fee. Fees are collected via a personal debit or credit card, electronic check, wire transfer, or prepaid card. A few instances have occurred in which the victim paid by personal check.

Variations and Trends

An increasingly reported variation of the scam occurs when the subject contacts the victim offering a refund for tech support services previously rendered because the company has closed.

The victim is convinced to allow the subject access to their device and to log onto their online bank account to process the refund. The subject then has control of the victim's device and bank account. With this access, the subject appears to have “mistakenly” refunded too much money to the victim's account, and requests the victim wire the difference back to the subject company. In reality, the subject transferred funds among the victim's own accounts (checking, savings, retirement, etc.) to make it appear as though funds were deposited. The victim wires their own money back to the company, not finding out until later that the funds came from one of their own accounts. The refunding and wiring process can occur multiple times, which results in the victim losing thousands of dollars.

Victims are increasingly reporting subjects are becoming hostile, abusive, and utilizing foul language and threats when being challenged by victims.

Additional Threats

The tech support scam is an attempt by subjects to gain access to victim devices. However, more can happen once a subject is given access to the device. For example: 

  • The subject takes control of the victim's device and/or bank account, and will not release control until the victim pays a ransom.
  • The subject can access computer files that may contain financial accounts, passwords, and personal data (health records, social security numbers, etc.).
  • The subject may intentionally install viruses on the device.
  • The subject threatens to destroy the victim's computer or continues to call in a harassing manner.

Defense and Mitigation

  • Recognize the attempt and cease all communication with the subject.
  • Resist the pressure to act quickly. The subjects will urge the victim to fast action in order to protect their device. The subjects create a sense of urgency to produce fear and lure the victim into immediate action.
  • Do not give unknown, unverified persons remote access to devices or accounts. A legitimate software or security company will not directly contact individuals unless the contact is initiated by the customer.
  • Ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to the attempt.
  • If a victim receives a pop-up or locked screen, shut down the device immediately. Victims report that shutting down the device and waiting a short time to restart usually removes the pop-up or screen lock.
  • Should a subject gain access to a device or an account, victims should take precautions to protect their identity, immediately contact their financial institutions to place protection on their accounts, and monitor their accounts and personal information for suspicious activity.

Filing a Complaint

Individuals who believe they may be a victim of an online scam (regardless of dollar amount) can file a complaint with the IC3 at www.ic3.gov.

To report tech support scams, please be as descriptive as possible in the complaint including:

  1. Name of the subject and company.
  2. Phone numbers and email addresses used by the subject.
  3. Websites used by the subject company.
  4. Account names and numbers and financial institutions that received any funds (e.g., wire transfers, prepaid card payments).
  5. Description of interaction with the subject.

Complainants are also encouraged to keep all original documentation, emails, faxes, and logs of all communications. 
Because scams and fraudulent websites appear very quickly, individuals are encouraged to report possible Internet scams and fraudulent websites by filing a complaint with the IC3 at www.ic3.gov.

To view previously released PSAs and Scam Alerts, visit the IC3 Press Room.

Tips to Protect Your Computer from Intrusion 

  • Keep Your Firewall Turned On: Whenever your computer is on be sure your firewall is on. A firewall helps protect your computer from hackers. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
  • Install and Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If malicious code, a virus or a worm is detected, the software works to disarm or remove it. These infections can infect computers without your knowledge. If your software offers it, set it to update automatically.
  • Install and Update Your Antispyware Technology: Spyware is just what it sounds like-software that is secretly installed on your computer to let others watch your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware. In some cases these products may be fake and actually contain spyware or other malicious code.
  • Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
  • Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don't know, and be wary of attachments from people you do know. They may have unwittingly advanced malicious code. Also be wary of links embedded in emails. They may lead you to rogue websites that download malicious code to your computer.
  • Turn Off Your Computer: With the growth of high-speed Internet connections it is easy to leave your computers on and ready to go. But it always on it is more susceptible to unwanted attacks. Turning the computer off stops an attacker's connection to send it spyware or use it as a botnet that employs your computer's resources to reach out to other unwitting users.

IRS Updates Phone Scams Warning 

The IRS is again warning the public about phone scams that continue to claim victims all across the country. In these scams, thieves make unsolicited phone calls to their intended victims. Callers fraudulently claim to be from the IRS and demand immediate payment of taxes by a prepaid debit card or wire transfer. The callers are often hostile and abusive.

The Treasury Inspector General for Tax Administration (TIGTA) has received 90,000 complaints about these scams. TIGTA estimates that thieves have stolen an estimated $5 million from about 1,100 victims. To avoid becoming a victim of these scams, you should know:

  • The IRS will first contact you by mail if you owe taxes, not by phone.
  • The IRS never asks for credit, debit or prepaid card information over the phone.
  • The IRS never insists that you use a specific payment method to pay your tax.
  • The IRS never requests immediate payment over the telephone.
  • The IRS will always treat you professionally and courteously.

Scammers may tell would-be victims that they owe money and that they must pay what they owe immediately. They may also tell them that they are entitled to a large refund. Other characteristics of these scams include:

  • Scammers use fake names and IRS badge numbers to identify themselves.
  • Scammers may know the last four digits of your Social Security number.
  • Scammers spoof caller ID to make the phone number appear as if the IRS is calling.
  • Scammers may send bogus IRS emails to victims to support their bogus calls.
  • Victims hear background noise of other calls to mimic a call site.
  • After threatening victims with jail time or driver's license revocation, scammers hang up. Others soon call back pretending to be from the local police or DMV, and caller ID again supports their claim.

If you get a phone call from someone claiming to be from the IRS, here's what you should do:

  • If you know you owe taxes or you think you might owe taxes, call the IRS at (800) 829-1040. IRS employees can help you with a payment issue if you owe taxes.
  • If you know you don't owe taxes or don't think that you owe any taxes, then call and report the incident to TIGTA at (800) 366-4484.
  • If scammers have tried this scam on you, you should also contact the Federal Trade Commission and use their "FTC Complaint Assistant" at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.

The IRS encourages you to be vigilant against phone and email scams that use the IRS as a lure. Visit the genuine IRS website, IRS.gov, to learn how to report tax fraud and for more information on what you can do to avoid becoming a victim.

Common Scams

Fraudsters are relentless in their pursuit of finding sophisticated, malicious techniques to outsmart the existing authentication controls put in place to protect account information. Key logging, virus attacks and phishing scams are some of the techniques used by fraudsters. While the risk of fraud exists on all account types, many of these schemes target small and medium sized business customers. Your first line of defense is knowledge about what you, the end-user, can do to protect yourself from becoming a victim of fraud.

Keystroke Logging / Virus Attacks

Keylogging is a method by which fraudsters record your actual keystrokes and mouse clicks. Keyloggers are "Trojan" software programs that target your computer's operating system (Windows, Mac OS, etc.) and are "installed" via a virus. These can be particularly dangerous because the fraudster has captured your user ID and password and anything else you have typed while online. If you are like most other users and have the same ID and PIN/Password for many different online accounts, you have essentially granted the fraudster access to any company with whom you conduct business. After all, they have your login credentials so they appear to be a valid user.

Phishing

Phishing is a scam where fraudsters request personal information from users. While requests are most commonly in the form of an email from an organization you may or may not do business with, they could also be from a phone call, text message or letter. The request is made to look exactly like it came from the organization, complete with company logos and other convincing information. The request usually states that the company needs you to update your personal information or that your account is about to become inactive or frozen, all in an effort to get you to supply your information. Please remember no reputable business will ever contact you in these ways requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers. While nothing is foolproof, following these guidelines as a well as having a general awareness of the potential threats will greatly reduce your risk of being a victim of fraud. Commercial account holders should perform a periodic assessment of their internet banking procedures and evaluate the controls they have in place to reduce the risks they identify.

Online Fraud

While nothing is foolproof, following these guidelines as well as having a general awareness of the potential threats will greatly reduce your risk of being a victim of fraud. Commercial account holders should perform a periodic assessment of their internet banking procedures and evaluate the controls they have in place to reduce the risks they identify.

Use Anti-Virus Software

This is one of the most important things you can do to protect your computer from viruses. There are many on the market today. Be sure you only purchase or use Anti-Virus protections from a reputable company.

Keep Your Operating System Up-To-Date with the Latest Security Patches

Check the website of your operating system for updates and security patches. Some systems allow you to set automatic updates.

Never Click on a Link From a Business Requesting That You Provide Them with Personal Information

Keep in mind that no reputable business will ever email you requesting that you update your personal information, including account numbers, system passwords or Social Security Numbers via a link to their site.

Change Your Passwords Often

We recommend changing your password every 30 or 60 days.

Do Not Use the Same ID and PIN or Password for Other Online Accounts

Never store your ID and Password information where others could gain access to it, and do not disclose your login credentials to other people or companies.

A Dedicated Computer Used Specifically for Online Banking Activity Is Highly Recommended

The dedicated computer should never be used to "surf" the internet, access websites or read email. The only internet access allowed should be signing on your internet banking account.

Avoid Accessing Your Online Banking Accounts Via a Wireless Network, Unless You Are Certain It Is Secure

If you have a wireless router at home, ensure it is locked. You should avoid using public computers but if you do, do not store your user name or password for future visits. Be sure to log off and, if possible, shut down the computer before you leave it.

Businesses Should Take Advantage of Tokens

Isabella Bank offers hard tokens, which provide a unique one-time use password each time you access your cash management account online.

Isabella Bank's Contact Policy

Isabella Bank may contact you in order to provide general account or banking information but we will never contact you and ask for personal information.

Never respond to an email, telephone call, text message or letter that appears to be from us and requests non-public personal information. (Non-public information includes account number, social security number, and internet banking credentials.) Please contact us directly before you provide banking information to anyone who contacts you on an unsolicited basis. Call Customer Service at (989) 772-9471 or (800) 651-9111.

Never use links or phone numbers from a suspicious email. Use the contact information you have on file.

Security Resources

Community Compass

Create a brighter financial future with free, online financial literacy training. Visit Community Compass now.

{beginAccordion}