Your Financial Safety

Protect Yourself

View this simple infographic about protecting yourself from CHECK WASHING SCAMS (provided by The American Bankers Association).

Ways to Help Prevent Check Fraud

Use Online Bill Pay

You can safely and securely make payments online without writing checks, while also saving on postage stamps and time. You can also protect your personal information by avoiding sending physical checks through the postal system. With online bill pay, you don’t have to wait for days and weeks to see if your mail has been delivered and cleared through your bank; you have full control over when to make the payments. Once you set up online bill pay, you can know exactly how many days it will take for the online bill payment to be delivered.

Use Zelle to Transfer Money

Peer-to-peer money transfer apps like Zelle and Venmo allow users to move funds from one bank account to another. These apps offer a safe and easy way to pay someone and, in some instances, businesses. All you need is the receiver’s U.S. mobile number or email address. Senders and receivers do not need to share their bank information or bank at the same institution. Once money is sent via Zelle or Venmo, the funds are typically received in minutes.

Use Caution When Writing or Sending Checks

Criminals often steal mail to get their hands on your checks and use them or the account information they contain to commit fraud. Avoid sending checks through the mail and consider using online bill pay, Zelle and wire transfers as safe and secure alternatives.

Use High-Security Checks

Checks with a printed padlock icon are certified by Check Payment Systems Association, an organization dedicated to promoting paper payment systems, as an enhanced security check. However, these certified checks only need to have three safety features in order to be certified. To make using checks more secure, banking customers can purchase secure checks with more safety features. In addition to choosing checks with a higher level of security, be sure to always use black ink when writing a check and to write out the full name of the payee in large print.

Use Chemically Reactive Paper

When choosing checks, be sure to choose those made of chemically reactive paper. That way, if a fraudster tries to wash the check, the alteration will be noticeable. Most major check providers use chemically reactive paper, so check with your provider to make sure your checks have this feature.

How to Identify Fraud

Watch for unauthorized or unusual activity on your account.
  • Monitor your transaction history regularly. You can instantly access your accounts and statements through our online banking tool. If you receive paper statements, make sure to open and read through them to watch for unauthorized transactions. If you see something suspicious, call your closest branch or our call center (716-366-4070).
  • Watch out for other signs of fraud, including being denied credit unexpectedly, receiving credit cards you never applied for, or receiving calls from collection agencies seeking payment for items you never purchased.
  • Take steps to increase your security, including keeping your contact information up-to-date with the Bank, creating strong passwords, and keeping your devices up-to-date with the latest browsers and operating systems.
  • Familiarize yourself with common scams. Scroll down to read more information on different types of tricks that scammers are using to steal your personal information.
Be on the lookout for suspicious emails.
  • Fraudulent emails usually imply urgency, and attempt to get you to act quickly before you have time to think clearly and carefully examine the message. Fraudulent emails often won’t address you by name and may contain spelling and grammatical errors.
  • If you hover over a link in a fraudulent email without clicking it, it will usually show you that it’s pointing to a site different than the one stated in the message. Fraudulent emails will often try to get you to click though to a website where you’ll be asked to enter personal information or open a malicious attachment. You should immediately delete any email you suspect to be fraudulent.
  • Never click on a link in an email unless you are absolutely certain who sent you the email and where the link is taking you to. Lake Shore Savings Bank will never ask you for personal information such as your account number, card PIN, or Social Security Number.
Watch out for suspicious text messages.
  • Fraudulent texts are also designed to generate a sense of false urgency. They often won’t address you by name and may contain spelling and grammatical errors.
  • Fraudulent texts often promise free gifts in exchange for your personal or bank account information. Never click a link in a suspicious text message, as it could result in malware being loaded on your device.
  • If you suspect a text is fraudulent, do not respond to it.

What to Do If You Think You’ve Been the Victim of Fraud

If you think that you’ve been the victim of fraud, you should contact us immediately:

  • By phone, by calling 1-800-336-6116
  • By secure message, by logging in to your online banking account, clicking your name (in the upper-right corner of the page), then clicking “Contact Us” (select the “Contact vis Secure Messaging” option).

Common Scams

Hurricane Related Phishing Scams – Even though Western New Yorkers don’t usually have to worry about hurricanes, cybercriminals tend to use hurricane relief as a method to exploit consumers. The Department of Homeland Security advises people to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to a hurricane, even if they appear to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from charitable organizations commonly appear after natural disasters.

Arrest Scam – Callers claiming to be from a government agency state that the consumer will be arrested for failing to pay taxes or a fine; but they can avoid arrest by paying over the phone with a prepaid card or wire transfer. Recommended action: Hang up and contact the agency directly using a phone number from an independent source, such as a past bill or online search.

Business-to-Business Emails Scam – An email is received from a high-level executive in a company purporting to authorize payment for a seemingly legitimate purpose. Actually, this scammer’s email address is very similar to the legitimate executive’s email. Recommended action: Before initiating any payments, follow up directly with the executive using a known email address or phone number.

Reverse Mortgage Scam – Callers offer home refinance assistance that sounds too good to be true. Recommended action: Always seek out your own mortgage counselor and refuse to sign anything that you do not fully understand without an attorney present.

Tech Support Scam – A pop-up window appears that looks like an error message from your operating system or antivirus software. The pop-up warns of a security issue on your computer and directs you to click on a link for assistance. Recommended action: Never click on pop-up links. Contact the operating system or antivirus company directly for tech support using the number on their website.

Money Mule Scam – Emails direct you to move money from your personal bank account for purposes that seem legitimate. Recommended action: Always be wary of emails requesting access to your bank accounts. Look for warning signs and conduct your own research before agreeing to participate. Notify the appropriate authorities if you have any concerns.

Door-to-Door Scam – Door-to-door salespeople visit, sometimes wearing realistic uniforms/badges. Recommended action: Make it a policy to never buy products or services from door-to-door salespeople. If you do decide to make a purchase, contact the company directly to verify the salesperson’s credentials.

Medicare/Healthcare Scam – Alleged Medicare representatives call asking for your Medicare or Social Security number. The scammer then bills Medicare for products and services that you never received. Recommended action: Never provide personal information on the phone unless you verify the caller’s credentials. Review your Medicare Summary Notices for errors and report suspicious behavior to the Medicare Fraud Tip Line at 1-800-HHS-TIPS.

Telephone Scam – Callers pitch an “unbelievable” opportunity. All they need from you is your personal information. Recommended action: Never provide personal information over the phone. Hang up and do not press any buttons on your phone when you receive a robocall. Do not pick up or return a call that appears on the caller ID to be coming from your own phone number.

Romance Scam – Romance scammers contact their victims through online dating websites/apps or social media. The scammer’s intent is to establish a relationship with the victim and use that relationship to dupe them out of money, usually for an “emergency.” Recommended action: Always be wary about the personal information that you post or share. Assume that con artists are trolling even the most reputable sites. If you develop a romantic relationship with someone you meet online, research their identity and be suspicious of any requests for money or personal information.

Sweepstakes Scam – You are notified that you have won a contest or the lottery; but to claim your prize you must first pay fees or taxes. Recommended action: No real lottery or sweepstakes will ever request money in advance. Do a quick internet search to verify a sweepstakes if you are concerned about it’s legitimacy.

Online Dating Scams – Online dating scams begin when someone registers on a dating website or app. Often, the website or app is perfectly legitimate, but that doesn’t stop scammers from creating fake names and profiles and reaching out to potential victims. Usually, the scammer claims to live outside of the United States. While the correspondence starts on the dating website or app, it often moves into personal email, texts, or even phone calls with the victim. As the trust of the victim is gained by the scammer, he/she professes romance and often marriage intentions to the victim. Ultimately, the scammer will begin to ask for money from the victim for various fictitious scenarios, including travel expenses, visas, help getting out of a difficult situation, medical emergencies, or help for a needy relative.

Overpayment Fraud – Overpayment fraud can occur over the internet when a victim advertises for something like an apartment rental or the sale of a vehicle. In this scam, a “customer” makes a fraudulent or counterfeit payment to the victim that is significantly larger than the original sum agreed upon for the product or service for sale. The victim is then asked to deposit the whole payment into his or her bank account and pay the “overpayment” back to the scammer.

The Stranded Victim Scam – This scam happens when a criminal hacks into an individual’s email address book and uses the contact list to send out emails claiming to be stranded in a foreign country and in desperate need of help. The email appears to be from a friend because it comes from their email account. The criminal will ask for money to be wired to them to help them out of “a bad situation” when it’s really a fictitious story. Be wary of ANYONE who asks you for money through email and always verify the identity of the person asking by communicating with them through a different channel.

“Pig Butchering” Scams – Did you know that cybercrime can involve elements of human trafficking? Shāz Hū Pán, otherwise known as “pig butchering,” is an increasingly prolific financial fraud scheme, which combines elements of traditional romance and investment fraud while targeting people trafficking and modern slavery victims. Pig Butchering works by criminal networks placing fake job advertisements to attract young people from China and other countries. These individuals are then held, against their will, in secure compounds where they are forced (under threat of violence) to commit cyber enabled fraud against victims largely located in Western countries including the U.S. and Europe.

Phone Scams – The New York State Police offer the following tips to protect against various phone call scams:

  • Take a pause. Scammers create a sense of urgency to prey on victims’ emotions and their love for family members.
  • Verify any supposed emergency by calling friends and family before sending money. This is especially important if a potential victim has been warned not to do so by the caller.
  • If the caller purports to be a bail bondsperson, ask where the relative is being held and contact the facility directly.
  • If a caller purports to be a law enforcement officer, get the exact agency name and then hang up and call that department directly.
  • Be suspicious of anyone who calls unexpectedly asking to be sent money.
  • Never send cash through the mail.

Microsoft “Security Office” Scam – The New York State Police have recently alerted the public to a computer scam that is happening in Western New York. When logging on to a computer, a message is displayed on the screen that instructs the user to contact Microsoft due to a virus. When the victim calls the provided phone number, they are connected to a person who identifies themselves as a representative of Microsoft’s “Security Office.” the victim is then told that their bank account information is compromised.

Remote Access Trojans – Remote Access Trojans (RATs) are malware that is disguised within links, software, or applications that, when inadvertently activated by the user, can infiltrate personal and financial information. There have been cases of QR code reader applications (available in mobile device stores) that were actually RATs and worked as a QR code scanner, but also side-loaded malware into the device it was downloaded to. A good way to severely limit these types of breaches is to download well-known and trusted software and applications with 10 million or more downloads and with a high “star” rating. Take time to do some research if you are unsure of any application available in the mobile device store you use. Look for reviews and to trusted resources whenever you download an application.

“Juice-Hacking” Scam – Juice-hacking happens when someone manipulates a public USB port or charging cable to steal information. The FBI recently issued an alert encouraging people to avoid using free electric charging plugs at airports, bus stops, shopping centers, hotels, and other public places. The safest way to avoid juice-hacking is to use a charger in an AC power outlet and by carrying your own personal charger during travel. Additionally, you can use a charging-only cable with a USB data blocker, which prohibits data transfer while charging.

Online Account Takeover Fraud – Online Account Takeover occurs when someone other than an authorized account holder gains access accounts online. Fraudsters typically use phishing scams as a way to install virus or malware (malicious software) on a computer. When a user clicks on the link in a phishing email, the virus or malware is downloaded and an alert is sent to the fraudster every time the user logs into a secure site (such as online banking). User information from the secure site is then logged by the virus or malware and sent to cyber thieves, which may allow them access to the user’s accounts without the user’s knowledge.

The Business E-mail Compromise – The Business E-mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the “Man-in-the-E-mail “Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam. The fraudulent wire transfer payments sent to foreign banks may be transferred several times but are quickly dispersed. Asian banks, located in China and Hong Kong, are the most commonly reported ending destination for these fraudulent transfers. There are many versions of the scam, but here are three examples:

  • Version 1 – A business, which often has a long standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This particular version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
  • Version 2 – The e-mail accounts of high-level business executives (CFO, CTO, etc) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
  • Version 3 – An employee of a business has his/her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until they are contacted by their vendors to follow up on the status of their invoice payment.

Puppy Scams – A puppy scam is when scammers post fake litters online or pretend to be someone they’re not (usually an existing breeder) to take advantage of puppy sales (without the actual puppies.) If you are considering buying a puppy, be careful! If you’re not careful, you could find the perfect puppy, send the “breeder” your money, and never receive a puppy or any follow-up communication in return. The American Kennel Club has tips to avoid puppy scams on its website (click here for more).

More Resources

For Consumers

Federal Trade Commission (FTC) Online Privacy and Security Page – this website provides insights into online privacy, safeguarding your devices against bad actors, and avoiding online scams.

The National Cybersecurity Alliance (NCSA) – this website provides information and educational programs for protecting the technology individuals use, the networks they connect to, and their digital assets.

FTC Identity Theft Page – on this website, consumers can learn how to avoid identity theft and learn what to do when their identity is stolen.

FTC Data Security Page – this website includes a list of educational documents discussing information security, information about data security related laws, reports, workshops, and more.

For Businesses

Better Business Bureau Cybersecurity Resources – this website was created to educate small businesses on the common data security issues they face. The site presents data security guidelines and suggestions to help improve the security posture of small businesses.

National Institute of Standards and Technology (NIST) – this guide identifies recommended practices to improve information security in small businesses.

National Automated Clearinghouse Association (NACHA) – this website was created to help companies identify and address current fraud threats. There are documents and resources available on this page that can help companies of all sizes in the development, implementation, and review of their security procedures.