ATM Skimming Scams

Automated Teller Machine (ATM) skimmers are fake card readers and cameras attached to a real ATM. Scammers can quickly read a card’s information and use it to access your account fraudulently. With a small device, your card’s information gets stored so that criminals can easily use it at a later time.

Skimmers may be installed on an ATM, resembling the machine itself. A small device goes over the normal card reading slot and reads your card’s magnetic stripe. Skimmers can also be handheld devices that a dishonest merchant can keep in his or her pocket. For example, when charging your card while you are out at dinner, a scammer can run your card through a skimmer as well.

Organized criminals are installing equipment on legitimate bank ATMs to steal both the ATM card number and the Personal Identification Number (PIN). The equipment used to capture your ATM card number and PIN is cleverly disguised to look like normal ATM equipment. At the same time, a wireless camera may be disguised to look like a leaflet holder and is mounted in a position to view ATM PIN entries. The criminals sit nearby in a car receiving the information transmitted wirelessly from the equipment they install. The thieves copy the cards and use the PIN to withdraw thousands from many accounts in a very short time.

Tips When Using an ATM or Point-Of-Sale (POS) Terminal:

  • Inspect ATMs, POS terminals and other card readers before using. Look for anything loose, crooked, damaged, or scratched. Don’t use any card reader if you notice anything unusual.
  • Pull at the edges of the keypad before entering your PIN. Then, cover the keypad when you enter your PIN to prevent cameras from recording your entry.
  • Use ATMs in well-lit, indoor locations, which are less vulnerable targets.
  • Be alert for skimming devices in tourist areas, which are popular targets.
  • Use debit and credit cards with chip technology. In the U.S., there are fewer devices that steal chip data versus magnetic stripe data.
  • Avoid using your debit card when you have linked accounts. Use a credit card instead.
  • Contact your financial institution if the ATM doesn’t return your card after you end or cancel a transaction.
  • If you see a card skimming device, do not use the ATM and report it immediately to your financial institution using the phone number on the front of the ATM.
Phishing Scams

Phishing is a new twist on an old telemarketing scam, but uses e-mail. In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email (via a link within the email) or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested. These criminals send e-mails to millions of people hoping that even a few will give away valuable information such as their usernames, passwords or credit card numbers. The criminal then uses this information to steal the victim’s identity.

Examples of Phishing Messages
Examples of phishing emails, texts, or pop-ups may have messages such as:

“We suspect an unauthorized transaction has occurred on your account. To help ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

When sending these types of messages, the senders are phishing for your information so they can use it to commit fraud.


To avoid becoming the victim of a phishing scam, Bank Irvine offers the following tips:

  • Do not click on links within an email unless you are sure of the sender. Many phishing emails include company logos or appear to come from government agencies, and appear legitimate. However, the links take you to a fraudulent website that has been set up to look and feel just like the legitimate site. Check the URL carefully for differences in spelling, or go directly to the known website without using the link. You may often find an alert on the legitimate site warning that a phishing email has been circulated by fraudsters.
  • Never give out your personal or financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem.
  • Do not respond to emails that may warn of dire consequences unless you validate your information immediately. Contact the company to confirm the validity of the email using a telephone number or web address you know to be genuine.
  • Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves use small transactions in hopes that they will go unnoticed. These small transactions are also used to test the bank account and routing numbers for future use. Report discrepancies immediately.
  • When submitting financial information online, look for the padlock or key icon at the bottom of your Internet browser. Also, most secure Internet addresses, though not all, use “https” in the URL.
  • If you are a victim of an online or email crime, immediately file a report with the Internet Crime Complaint Center referenced at the bottom of this page.
  • For attempted fraud that did not result in the loss of money, you should file a complaint with the Federal Trade Commission. The FTC cannot resolve individual complaints but will share your complaint with local, state, federal, and foreign law enforcement partners. Your complaint might be used to investigate cases or in a legal proceeding.
  • If you believe your banking information has been disclosed, contact Bank Irvine at (949) 892-1999 or Operations@BankIrvine.com immediately so we can help protect your account and your identity. Forward phishing emails purporting to be from Bank Irvine, then delete the email from your system.

Remember: Legitimate businesses do not ask for sensitive information through unsecure channels.

Community Reinvestment Act Notice

Under the federal Community Reinvestment Act (CRA), the Federal Deposit Insurance Corporation (FDIC) evaluates our record of helping to meet the credit needs of this community consistent with safe and sound operations. The FDIC also takes this record into account when deciding on certain applications submitted by us.

Your involvement is encouraged.

You are entitled to certain information about our operations and our performance under the CRA, including, for example, information about our branches, such as their location and services provided at them; the public section of our most recent CRA Performance Evaluation, prepared by the FDIC; and comments received from the public relating to our performance in helping to meet the community credit needs, as well as our responses to those comments.

At least 30 days before the beginning of each quarter, the FDIC publishes a nationwide list of the banks that are scheduled for CRA examination in that quarter. This list is available from the Regional Director, Division of Compliance and Consumer Affairs, FDIC, 25 Jessie Street at Ecker Square, Suite 2300, San Francisco, CA 94105-2780. You may send written comments about our performance in helping to meet community credit needs to:

 CRA Officer, Bank Irvine, 6201 Oak Canyon, Irvine, CA 92618

and FDIC Regional Director. You may also submit comments electronically through the FDIC’s website at www.fdic.gov/regulations/cra. Your letter, together with any response by us, will be considered by the FDIC in evaluating our CRA performance and may be made public.

You may ask to look at any comments received by the FDIC Regional Director. You may also request from the FDIC Regional Director an announcement of our applications covered by the CRA filed with the FDIC.

 

P2P Payment Fraud

P2P Payment Fraud Is on the Rise: How to Combat It

Summary: P2P payments have become increasingly popular, but their most convenient attributes also make them ripe targets for fraud. We discuss tips CFIs can provide customers to avoid becoming victims.

The first known payment currency dates back to around 3,000 B.C. in Mesopotamia, where agricultural symbols were drawn on clay tablets to represent debts owed from one person to another. Metal coins were first minted around 630 B.C. in Lydia (modern-day Turkey) and paper money was first printed in China around 1020 A.D. to facilitate international trade. In 1981, the first electronic payment was made, followed by the first online payment in 1994.

The launch of PayPal in 1998, along with the growing adoption of mobile technology, ushered in what has become one of the most popular forms of payment today: peer-to-peer, or P2P, payments. As with each new type of payment option, P2P payments offer both benefits and risks to consumers and community financial institutions (CFIs).

Roughly two-thirds of smartphone users in the US (or about 170MM people) will send a P2P payment in 2024, and this is projected to increase to three-quarters of smartphone users (or nearly 200MM people) by 2028, according to a forecast by eMarketer. Total P2P transaction volume in the US is projected to increase from $1.4T in 2023 to $2.3T by 2026.

Ripe Targets for Fraud

The main aspects of P2P payments that make them so popular — convenience, speed, and accessibility — also make them ripe targets for fraud. Consumers love the fact that they can transfer money to friends instantly with just a few clicks. Unfortunately, so do thieves and fraudsters, who find it relatively easy to assume others’ identities and steal these fund transfers.

Around 8% of banking customers reported being the victim of a P2P payments scam in a 2023 report by J.D. Power. While still a low proportion, this number will likely increase as P2P payments become more common and scammers become more versed in their tactics on these platforms. More concerning are the losses consumers have reported. The Federal Trade Commission reported receiving around 65K consumer complaints about P2P fraud payments, with consumers suffering $210MM in losses in 2023. These losses have been climbing steadily each year, with 2021 data reporting $130MM in losses and 2022 losses totaling $163MM.

The irreversible nature of P2P payments makes getting stolen money back especially difficult for consumers and challenging for community financial institutions (CFIs), which often were not even involved in the fraudulent transaction.

Common P2P Fraud Scams

There are several different types of P2P payment fraud that consumers need to be made aware of, including the following:

  • Unauthorized money transfers. These occur when thieves transfer money out of a consumer’s P2P account without permission by stealing their login credentials, often by using phishing tactics. Thieves usually act quickly and sometimes even change account settings, which makes it hard for victims to stop the transfer and recover their money.
  • “Accidental” funds transfers. In this case, thieves send messages to consumers saying that they accidentally transferred money into their account and asking them to send it back. The victim believes the request is genuine and sends the money back, not knowing the money from these supposedly mistaken transfers came from stolen sources or fake accounts. Once the victim’s transfer back of the original funds clears, the thief claims the first transaction as fraudulent and the app reverses it, leaving the victim with a loss in their account.
  • Imposter fraud. This scam occurs when thieves trick victims into thinking they’re dealing with a legitimate institution, such as the P2P platform or their bank. Posing as representatives of a familiar institution, fraudsters tell victims that there is suspicious activity in their account and they need to send them money to verify their account or reverse a transaction. The money actually goes to an account controlled by the thieves.
  • Fake product purchases. With this scam, fraudsters posing as sellers advertise products on popular online marketplaces like eBay and Etsy. Before shipping products, they request payment via a P2P app. However, the products purchased don’t exist and the thieves simply pocket the money.

Steps to Protect Yourself:

  • Confirm identity of recipients. Consumers should confirm and double-check the name, phone number, email address, and other identifiers of recipients before hitting the send button on any P2P funds transfer.
  • Set up account alerts. These will notify consumers via text or email immediately whenever a P2P transaction is initiated on their accounts so they can take quick action if the transaction is fraudulent.
  • Use multi-factor authentication (MFA). With MFA, a second form of verification is required, such as a code sent via text or email, before a P2P funds transfer can be initiated.
  • Safeguard personal information. Consumers should use extreme caution whenever they’re asked to share sensitive personal information such as account numbers and passwords over the phone or via text or email. Scammers posing as customer service reps can use this information to hack into consumers’ P2P accounts and steal their money.
  • Keep P2P apps updated. P2P app updates include the latest security features designed to keep consumers’ accounts safe from intrusion by fraudsters.

Bank-centric funds transfer platforms like FedNow can offer more security.

Tax Scams

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel

A new email scam targeting taxpayers has emerged. According to the Taxpayer Advocacy Panel (TAP), taxpayers are receiving emails that appear to be from TAP about a tax refund. These emails are a phishing scam, trying to trick unsuspecting victims into providing personal and financial information. Do not respond or click the links in them. If you receive an email that appears to be from TAP regarding your personal tax information, forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information, such as Social Security and PIN numbers, or passwords and similar information for credit cards, banks or other financial institutions.


IRS-Impersonation Telephone Scam

An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.

Note that the IRS will never:

  1. Call to demand immediate payment, nor will the agency call about taxes owed – generally, the IRS will first mail you a bill;
  2. Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe;
  3. Require you to use a specific payment method for your taxes, such as a prepaid debit card;
  4. Ask for credit or debit card numbers over the phone; or
  5. Threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.

Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but now the IRS is receiving new reports of scammers calling under the guise of verifying tax return information over the phone.

Scam artists call saying they have your tax return, and they just need to verify a few details to process your return. The scam tries to get you to give up personal information such as a Social Security number or personal financial information, such as bank numbers or credit cards.

Mortgage Loan Fraud

Mortgage fraud continues to be one of the fastest-growing crimes in the United States. Traditional mortgage fraud includes situations in which consumers, lenders, brokers or real estate agents falsify information to obtain a mortgage. Consumers should never sign mortgage documents that have incomplete or inaccurate information. If you have any information regarding suspected mortgage fraud, please contact us at (949) 892-1999.

Fake Check Scams
  • If someone gives you a check or money order and asks you to send money somewhere in return, it’s a scam. That is not how legitimate sweepstakes operators or other companies operate. If you have really won, you will pay taxes directly to the government. Legitimate mystery shopper or account manager jobs do not involve using money transfer services to send money.
  • A familiar company name doesn’t guarantee that it is legitimate. Criminals often pretend to be from well-known companies to gain a person’s trust. Find the company’s contact information independently, online or through directory assistance, and contact them yourself to verify the information.
  • The check or money order may be fake even if your bank lets you have the cash. You have the right to get the cash quickly, usually within 1-2 days, but your bank cannot tell if there is a problem with the check or money order until it has gone through the processing system to the person or company that supposedly issued it. Sometimes that can take weeks. By the time the fraud is discovered, the perpetrator has pocketed the cash and left you responsible for covering the charge. When the check or money order is returned unpaid, you will have to pay the money back to your bank. You are responsible because you are in the best position to know if the person who gave it to you is trustworthy. If you don’t pay the money back, your account could be frozen or closed, and your credit may be affected. Some victims are even charged with fraud.
  • Sending money using a money transfer service is like sending cash – once the perpetrator picks it up you can’t get it back from the service. It’s not like a check that you can stop after you’ve given it to someone or a credit card charge that you can dispute. However, if the money has not been picked up yet, you may be able to stop the transaction. Contact the money transfer service immediately if you think you have been scammed.
Email and Telephone Scams
  • Be suspicious of any offer made by telephone, on a website or in an email that seems too good to be true.
  • Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
  • Do not respond to an unsolicited e-mail that promises some benefit but requests personal identifying information.
  • Beware of ‘work from home’ schemes that are offered on career websites. If they are asking you to open accounts or move money for the company, this is most likely a scam.
Malware

Malware is software designed to harm or exploit any programmable device, service or network. Cybercriminals typically use it to disrupt computer operation, gather sensitive information (e.g., financial data, healthcare records, personal emails and passwords, etc.) or gain unauthorized access to computer systems. Malware is usually distributed through malicious websites, emails and software.

Examples of malware include computer viruses, spyware, ransomware, worms, trojan horses and other malicious programs. Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Typical methods of attack: email attachments, malicious advertisements on popular sites, fake software installations, infected USB drives, infected apps, phishing emails, and even text messages.

Bank Irvine offers the following tips to help reduce the potential release of malware into your computer or network:

  • Keep security patches and anti-virus signatures up to date.
  • Only open email or instant message attachments that are expected and come from a trusted source.
  • Have email attachments scanned by anti-virus programs prior to opening.
  • Delete all unwanted messages without opening.
  • Do not click on web links sent by an unknown party.
  • If a person on your ‘Friends List’ is sending strange messages, files or website links, terminate your instant message session immediately.
  • Scan all files with an Internet Security solution before transferring them to your system.
  • Only transfer files from a well-known source.
Corporate Account Takeover

Corporate account takeover (CAT) is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, target small and medium sized businesses to obtain access to their online banking credentials or to seize remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.

The steps of a typical Corporate Account Takeover include:

  • Target victims
  • Install malware
  • Monitor online banking
  • Collect and transmit data
  • Initiate funds transfer

As a business owner, it is your responsibility to understand how to take proactive steps to avoid, or at least minimize threats.

  • If possible, use a dedicated computer for financial transactional activity. The purpose of having a separate computer is to avoid general web browsing and email on this machine.
  • Install host-based firewall software on all computers.
  • Ensure that anti-virus/spyware software is installed, functional and updated with the most current version.
  • Use the latest versions of internet browsers, such as Microsoft Edge, Firefox or Google Chrome with ‘pop-up’ blockers.
  • Apply operating system and application updates (patches) regularly.
  • Turn off your computer when you are away from your desk, or at least block access to your network by using the Control + Alt + Delete function.
  • Review your banking transactions daily and credit report at least annually.
  • Do not batch-approve transactions; be sure to review and approve each item individually.
  • Educate your employees – You and your employees are the first line of defense against a corporate account takeover. A strong security program paired with employee education about warning signs, safe practices, and responses to a suspected takeover is essential to protecting your company and customers.

Identity Theft


Identity theft is when someone uses your personal or financial information without your permission. They might steal your name and address, credit card or bank account numbers, Social Security number, or medical insurance account numbers. Then, they could use them to:

  • buy things with your credit cards
  • get new credit cards in your name
  • open a phone, electricity, or gas account in your name
  • steal your tax refund
  • use your health insurance to get medical care
  • pretend to be you if they are arrested

Bank Irvine offers the following tips to help you protect your information and prevent identity theft:

  • Secure your Social Security Number (SSN) – do not carry your Social Security card in your wallet and only give out your SSN when necessary.
  • Shred receipts, credit offers, account statements, and expired credit cards. This can prevent “dumpster divers” from getting your personal information.
  • Do not share personal information (birthdate, SSN, bank account number or PINs) just because someone asks for it.
  • Create secure PINs and passwords – do not use your own, your spouse’s or your children’s names, birth dates, etc. as part of your passwords or PINs.
  • Pay attention to your billing cycles. Contact your financial institution if your statements are late or not received.
  • Obtain and review your credit reports at least once a year. Accounts in your name that you don’t recognize could be a sign of identity theft.
  • Use the security features on your mobile phone.
  • Install firewalls and virus detection software on your home computer. Update sharing and firewall settings when you are on a public WiFi network. Use a virtual private network (VPN) if you use public WiFi.

If you suspect that you are a victim of identity theft, it is important to act quickly to minimize the damage to your finances and your credit standing.

  1. Notify your creditor or financial institution of any identified unauthorized transactions on your account and ask to file a claim.
  2. File an identity theft report with the FTC on their website (https://www.identitytheft.gov/#/) or call the Identity Theft Hotline, 1-877-IDTHEFT (1-877-438-4338). Ensure you get a copy for yourself.
  3. Place a credit freeze and fraud alert on your credit report to protect you from identity theft or prevent further misuse of your personal information. If you contact one of the three nationwide credit reporting agencies to place the credit freeze and fraud alert, the other two are automatically notified. A credit freeze lasts until you remove it; a fraud alert lasts one year but can be renewed. Make sure you order a copy of your credit report and review the information carefully. If you see mistakes or signs of fraud, contact the credit reporting agency immediately.

Equifax: 1 (800) 525-6285
Experian: 1 (888) 397-3742
TransUnion: 1 (800) 680-7289

Consumer Federation of America

The Consumer Federation of America provides information to consumers through research, advocacy and education. CFA also partners with financial institutions to help educate clients through advertising, readings and other publications.

Visit CFA


Federal Deposit Insurance Corporation – Consumer Resources

The FDIC offers a wide range of resources and tools to help protect consumers from financial harm by providing financial education and resources in their communities.

Visit FDIC


Federal Trade Commission

Visit FTC.gov