JP Stone Community Bank continually makes investments in state-of-the-art online banking security to ensure we protect the confidentiality of every customer’s online information and to provide the utmost security for every user.

Calls or texts claiming to be from the bank

Dear Customer,

We live in very dangerous times.

Every day, it seems, there is something in the news about a website being hacked, a trusted provider suffering a data breach, or a treasure-trove of personal information being pulled by the tentacled hands of Cyber-Krakens down into the murky depths of the Dark Web.  It is 2023, and we all know the score. Somewhere, somehow, the Fraudsters have stolen YOUR personal information, and they are going to use it to steal YOUR money.

Unless YOU stop them.

One of the most effective ways they operate is to call you, or send you a text message, and pretend to be the bank. The text message or phone call will have JPSCB’s phone number on it, looking like it is really us…but it is not.  Here is how a typical attack will work:

  • You get a call or text from the JP Stone Fraud Department, asking you if you made a $400 transaction at a Walmart in Sarasota, Florida (or some similar story…and JPSCB does NOT have a “Fraud Department”)
  • Of course, you did not make the charge, so the Fraudster will assure you the money will be put back into your account.  They only need a little bit of information to make everything OK.
  • They will ask you questions, sometimes for a password or username, but MOST OFTEN, they send you a text message with a one-time code…and ask for that code.
  • They tell you everything is now OK, the money is back in your account, and tell you to have a nice day.

But here is what actually happened:

  • The fraudster logged into the JPSCB website using stolen usernames and passwords purchased on the Dark Web. Most people use the same username and password for multiple sites. When those sites get hacked, the usernames and passwords are sold…and most people use the same username/password combination for multiple sites. Even though JPSCB was NOT hacked, the fraudsters now have your login credentials.
    • PRO TIP: DO NOT use the same username and password for any sites with personal or financial information on them! Pick one that is unique to our site!
  • In order to set up a new SPIN P2P Payee, the system requires a One-Time-PIN (OTP) that often arrives in a text message. The fraudster sets themselves up as a payee, then tells you they will send the OTP to your phone. Finally, they ask for the 6-digit code. Once you give it to them, they have authenticated themselves as a legitimate payee for SPIN.
  • They send themselves the money out of your account.

These thieves are VERY good at their jobs, and they can easily convince you they work for us. But you can beat them every time if you will remember this one rule: Our Bank will NEVER EVER call you and ask for personal information.  NEVER EVER. That’s ZERO TIMES. NEVER. ANYONE WHO ASKS FOR YOUR USERNAME, PASSWORD and/or ONE-TIME-PIN IS A FRAUDSTER.

When in doubt, just hang up and call the Bank! Low tech beats high tech EVERY TIME!

Thank you for being our customer. Together, we can beat the fraudsters and keep your money safe and sound.

Sincerely,

Richard E. Bradfute
EVP/CIO

E-mails fraudulently claiming to be from the FDIC

To: Chief Executive Officer (also of interest to Security Officer)

Subject: Consumer Alert

Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided.

Distribution: FDIC-Supervised Banks (Commercial and Savings)

Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC’s Public Information Center, 877-275-3342 or 703-562-2200.

 

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that “in cooperation with the Department of Homeland Security, federal, state and local governments…” the FDIC has withdrawn deposit insurance from the recipient’s account “due to account activity that violates the Patriot Act.” It further states deposit insurance will remain suspended until identity and account information can be verified using a system called “IDVerify.” If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.

This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this medium.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For your reference, FDIC Special Alerts may be accessed from the FDIC’s website. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit the FDIC’s website.

Sandra L. Thompson, Director
FDIC: Division of Supervision and Consumer Protection