Equifax Data Breach

0
September 8, 2017 // Security, Technology, Tips
This is being provided for informational purposes only.  Mercantile Bank of Michigan is not making recommendations of action or inaction, it is important for you to consider what may be the best option for you.

 

As of 9/7/2017, Equifax has stated that there is “No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases”.  Regardless, it may be in your best interest to understand or review the information Equifax has been issuing in response.

We’re sure you have questions.  For answers, go to www.equifaxsecurity2017.com or call 1-866-447-7559.  Their call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.

In addition to the Equifax Potential Impact website, Equifax will send direct mail notices to consumers whose credit card numbers (estimated at 209,000 people) or dispute documents (estimated at 182,000 people) with personal identifying information were impacted.

To see recommended courses of action the Federal Trade Commission has provided on the breach, please click here.  If you would like other information related to online security and related services the bank offers click here.

 

Like me, I hope you have fond memories of your grandparents.  When invited to grandma’s house for lunch, I could always count on having something on the table she knew I liked.  Grandparents are very special and we need to care for them as much as they care for us. 

Unfortunately our grandparents, parents and older adults are the target of many types of scams received over the phone or via an email.  These scams attempt to deceive with promises of goods, services, financial benefits or the need to send money to pay taxes, fees or to help someone they love.  Their stories are contrived for one purpose and one purpose only, to get money.  Below is just one example of these schemes.

Scammers place a call to an older person and when they answer, the scammer will say something along the lines of: “Hi Grandma, do you know who this is?” When the unsuspecting grandparent guesses the name of the grandchild the scammer most sounds like, the scammer has established a fake identity without having done a lick of background research.

Once “in,” the fake grandchild will usually ask for money to solve some unexpected financial problem (overdue rent, payment for car repairs, etc.), to be paid via Western Union or MoneyGram, which don’t always require identification to collect. At the same time, the scam artist will beg the grandparent “please don’t tell my parents, they would kill me.”

One of the best ways to protect our loved ones from these types of tactics is to talk with them about it.  Building awareness is the first step.  If they are willing, another step might be helping them with paying bills and balancing their bank accounts.

If you have been or know someone who has been a victim; don’t be afraid to talk about it with someone you trust. You are not alone, and there are people who can help. Doing nothing could only make it worse. Keep handy the phone numbers and resources you can turn to, including the local police, your bank (if money has been taken from your accounts), and Adult Protective Services at 1-855-444-3911.  Call anytime day or night to report suspected abuse of vulnerable adults.


While growing up I remember being told “if something seems too good to be true, it probably is” This has always been good advice when it comes to the many money making scams that seem to plague our world. There are many types of fake check scams, but it all seems to start when a scam artist convinces you to take a check from them, deposit into your account and then wire a portion of the check to another account somewhere in the world. Both the check and their story are phony, but that could take days to discover. However, when the check you deposited comes back as a fake, and it will, the bank is going to expect you to get the money back. You are responsible for the checks you deposit into a bank account. There is no legitimate reason why anyone would give you a check or money order and ask you to wire money anywhere in return.
Here are some good steps to take if you receive a check for anything:
Wait 10 business days after deposit – Most of these scams require you to deposit the money and then withdraw the portion they want you to wire immediately. If you wait 10 business days, you will know if the check is a fake. This can also be helpful when selling something online and the purchaser wants to pay via money order or cashier check and have someone else pick it up. Cash is always a good way to go with these types of deals.
Ask for a check drawn on a local bank – If the check is drawn on a local bank or the bank has a branch in your area, you can make a personal visit to make sure the cashier check or money order is valid. Don’t do anything until you are able to validate the check. Best practice is to only except a check from someone you know and trust.
Don’t be pressured – Scam artists always use urgency and high-pressure to get you to do what they want. If you start feeling or realize the other person is using these tactics, it is a good sign to walk away.
As a reminder, there is no legitimate reason why anyone would give you a check or money order and ask you to wire money anywhere in return, EVER!
Check back for more information on the next Mercantile Bank Security Minute.

Ransomware

0
April 24, 2017 // Security, Technology, Tips



Bad guys using ransoms to extort money from innocent people isn’t just something you see in the movies anymore.  Every day, people’s computers and everything on them are being held hostage unless a ransom is paid.  This threat isn’t targeted at just businesses, it is very opportunistic, and infecting anyone it can. 

Ransomware is a type of malware that encrypts the data on an infected computer.  All of your precious family photos, videos and important documents, once encrypted, will no longer be accessible without the encryption key – which you can get only if you pay the amount the extortionist demands.  This could be hundreds or thousands of dollars.  What is your information worth to you?

Fortunately there is a better way to protect yourself than paying the ransom.  By taking a few simple steps, you can avoid falling victim to this money making scheme:

  • Back up your important files to a secondary location – Online Cloud Storage and USB attached hard drives are two great ways to back up what matters to you most in a second secure location.  Don’t worry about program files as they can be restored from the source.  Tax files, photos, videos, Word or Excel documents, are the types of files you want to ensure are backed up to a second location.
  • DO NOT keep your backup storage attached to your computer – Some systems allow you the ability to automate the backup of files to a secondary location.  Be careful, the ransomware is often sophisticated enough to encrypt your backup drives if it sees them and has access.
  • Think twice before clicking on links or downloading attachments – Links or attachments within Phishing emails and social media sites like Facebook could be a trap that once sprung, sets into motion the chain of events caused by ransomware.  Be very suspicious and ask yourself if it is really worth it to see whatever it is someone sent you.

If you become a victim of ransomware and you followed the steps above to back up your important files to a secure second location, don’t pay the ransom.  Take your computer into a local reputable computer repair shop to have it restored and then copy your important files back onto your computer from your back up.

Law enforcement doesn’t recommend paying the ransom, although it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back.  If you pay the ransom, there’s no guarantee you’ll get your files back.  In fact, agreeing to pay signals to criminals that you haven’t backed up your files.  Knowing this, they could increase the ransom price – and may delete or deny access to your files anyway.  Even if you get your files back, they may be corrupted and you might be a target for other scams.

Check back for more information on the next Mercantile Bank Security Minute.


Have you ever received one of these bogus tech support calls?  The fraudster calls claiming to be from technical support at Microsoft, Apple, or other well-known companies. They say that they’ve detected viruses or malware on your computer to trick you into paying for software you don’t need or worse yet, convince you to give them remote access to your computer to fix the problem.

These fraudsters take advantage of your concerns about viruses and other threats.  They know most computer users have heard over and over that it’s important to install and maintain security software.  But the purpose behind this elaborate scam isn’t to protect you and your computer; it’s to make money.

Once they have gained your trust, they may:

  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Try to enroll you in worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services – or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords to online financial sites, your email account, and more.
  • Direct you to websites and ask you to enter your credit card number and other personal information.

Regardless of the tactics they use, they have one purpose; it’s to make money.

If you get one of these calls, HANG UP!  Microsoft, Apple or any other company will not call you proactively in this way. The caller will likely try to create a sense of urgency or use high-pressure tactics to get you to do what they want; Just Hang Up!

If you believe you may have been a victim of one of these scam calls, don’t panic.  Instead:

  • Unplug your computer from the internet.
  • Take your computer to a local reputable business that specializes in fixing computers; let them know what happened.
  • Once your computer has been repaired, or via another computer/device, change your passwords on all online financial and email sites you use and any other passwords you gave out.
  • If you paid for bogus services with a credit card, call your credit card provider and ask to reverse the charges.  Check your statements for any other charge’s you didn’t make, and ask to reverse those too.

Check back for more information on the next Mercantile Bank Security Minute.

Article Written By: Kyle Kunnen | SVP, Information Security Officer | Mercantile Bank of Michigan

If you are like me, once everyone is home for the evening, I go around and lock all the doors and make sure the two by four is in the track of the slider door.  As an added security measure we have motion sensors on some large outdoor lights.  Your computer is like your home and there are numerous ways you can protect it from intruders too.

A firewall is a definite must have if you connect your computer to the internet.  Not only ensure you have one, but also make sure the default administration password has been changed.  The default password on a lot of home systems is “password” and everyone knows this, especially those with malicious intent.  Change it to something only you know.  If you need to write it down, be sure to store it in a safe place.

I recommend you find someone who knows a thing or two about in home firewalls and seek their advice on the best way to configure your solution.  Below are some additional items to consider for improving security for your computer:

  • Endpoint Protection – This is a new term describing the next generation of Anti-Malware software.  Make sure you have one running on your computer.  There are many commercially available solutions.
  • Auto Updates – You need to ensure your Endpoint Protection, Operating System and other software applications remain updated with the latest security patches provided by the vendor.  The most convenient way to do this is using the auto update features built into these solutions.
  • Screen Saver Lock – By setting up a password for your computer and enabling the screen saver lock, you keep information on your computer safe.  It also provides you control over who you allow to utilize your computer and when.

 


Article Written By: Kyle Kunnen | SVP, Information Security Officer | Mercantile Bank of Michigan

My first car, a Chevy Cavalier Z24.  It was a manual and it was so much fun shifting through the gears at a rapid pace.  Today I enjoy driving my sons 1970 Dodge Dart Swinger.  Yes it is a manual transmission too and I have just as much fun racing through its gears like I did my old Z24.  Being an old car, it burns a little oil.  We check the oil regularly to avoid the risk of blowing up an engine.  Computers are like my son’s old car.  Preventative maintenance is also required.  While your computer may not blow up like an engine, it is at risk of failure if you don’t keep its operating system up to date. 

Vendors that manufacture the software for computers regularly release security updates.  These updates if not applied frequently will cause your system to be more susceptible to malware.  If your system is compromised, it can cause your system to behave erratically, become extremely slow, and even become inoperable. As a best practice, set your computer to auto update when a critical security patch is made available by the vendor.

The other software on your computer works the same way.  Vendors frequently produce releases to fix known security flaws.  Take a minute to review the settings within those applications.  You will likely find you can set them to auto update as well.


Article Written By: Kyle Kunnen | SVP, Information Security Officer | Mercantile Bank of Michigan

Mobile devices afford us the convenience of being connected anywhere, anytime.  Couple that with all the different forms of social media available today and you could be putting yourself at risk.  One way to limit your risk is to limit how much you share.  Most people would not share their tooth brush but are very comfortable announcing their next activity like “TGIF, heading north for a long weekend”. Think of your tooth brush before you make your next post and limit what and when you share.  Sharing how great your up north weekend escape was after it happened is much more appropriate then before you go.

Social media, like many applications is inherently good, but it can also be utilized by those with less than good intentions.  Below are some additional items to consider as you use social media:

  • Thoroughly review the security and privacy settings – Most applications like, Facebook for example, give you a lot of control over security and privacy.  Make sure you take the time to set them appropriately and check back periodically as vendors add security features which by default are not automatically enabled.
  • Don’t be a friend or connect to everyone – Do you know everyone you are connected with via social media?  If not, a perfect stranger could be watching everything you post.  Consider setting up special groups like Family, Friends or a Special Interest so you can share what is appropriate within those groups and membership is controlled.
  • Posting Pictures Online – If you are taking pictures with your mobile device, make sure you have disabled your phones ability to tag the photo with the GPS location of where it is tagged.  If you don’t and it gets into the wrong hands, the GPS coordinates could lead someone right to your front door.
  • Review the privacy settings on your mobile device – There are many configurable security and privacy settings within your mobile device.  Typically you can find them under the settings icon.  You may be shocked to know what your device is doing to track you and your activities.

Article Written By: Kyle Kunnen | SVP, Information Security Officer | Mercantile Bank of Michigan

Mobile devices have become a significant part of our lives. It wasn’t that long ago, cell phones were a privilege afforded by only a few. Today, virtually everyone carries a mobile device. The allure of always being connected and immediate access to virtually anyone or everything is immense. This additional access while great is not free from risk. Because we use our mobile devices to shop, bank and conveniently access private information, it has become even more imperative to take added precaution. Whether it is a cell phone, tablet, or other mobile device, they typically have the ability to enable a screen locking feature. Enabling this feature not only requires a code for entry, it also encrypts the contents stored on the device. This is a great first step in securing your mobile device providing assurance your information remains protected if lost or stolen.

Below are some additional items to consider as you use your mobile device:

  • Never jailbreak your mobile device – While it seems to add functionality to bypass restrictions set by the manufacturer, it also greatly diminishes the devices security.
  • Only use device approved app stores – The Google Play or Marketplace and Apple’s App Store. Other places exist to download apps that appear to be the same as those found in the traditional app stores, but are often repackaged solutions with malicious intent. 
  • Remove no longer used applications – This will not only free up space, but reduce the number of possible applications that could someday become a vulnerability. 
  •  Keep your device operating system and apps updated – Vendors often release patches to add new features or functionality. In addition, they often deliver important fixes to known security issues. For convenience, you can configure your device to apply these updates automatically when they become available.

Check back next week for more information on the next Mercantile Bank Security Minute.

Article Written By: John Schulte| SVP, Chief Information Officer| Mercantile Bank of Michigan

Just in time for the holidays, when finances and overspending can be stressful, the new Cash Flow module is now live in our online management tool, MercMoney®. The Cash Flow module offers an easy way to project out your income/expenses (and replace the old checkbook register). 

MercMoney® is integrated into our online banking system and is a great way to empower you to take control of your finances and simplify your life. Budgeting, account aggregation and debt management are a just a few of the tools available, and best of all it’s free with any Mercantile checking or savings account.

Community Bank

It’s easy to set up MercMoney® and the Cash Flow module with a set-up wizard that identifies most re-occurring transactions, allows you to choose/edit future dated transactions and search history for other re-occurring items the wizard may miss. The wizard makes it easy (5-10 minutes) to replace a work intensive spreadsheet or manual process cash flow tracking process.

fintech financial management tool

This module works both for people who want an easy, casual estimate of their cash flow and for those who keep detailed records. It can replace your current checkbook register, spreadsheet, Quicken or paper reconciliation process – with an automated and more efficient cash projection. The mobile version of this module is expected to be released in early 2017 so you can budget while on the go.  

If you would like more information on MercMoney® and the new Cash Flow module visit https://www.mercbank.com/electronic/merc-money.asp or stop in to any of our branches.