First State Bank of De Queen

Customer Education Center

Phishing, vishing, and smishing, Oh My!

Cybercriminals use a number of techniques to commit fraud. Some of the most effective are phishing, vishing, and smishing. We often lump these together under a single phishing category, because they are all basically the same tactic; only the channel used is different for each one. The name comes from exactly what it sounds like: fishing! When it comes to fishing, you bait your hook, cast it in the water, and see if you can get something to bite. Phishing is exactly the same: someone sends an email or a text, or even starts a phone call, just to see who will "bite".
 
Over the years, and especially since Artificial Intelligence (AI) has become more prevalent, it has become harder and harder to distinguish what is real from what is not. These attempts almost always create urgency and/or fear in the victims to get them to respond.
 
So how do you know the difference? First, let's take a look at what each type of phishing really is.
 

Phishing

In this type of attack, threat actors will use carefully crafted emails that will try to get you to click on a link or open an attachment to deliver malware to your device, or redirect you to copy-cat websites to get you to enter your credentials in order to steal them. Within this type of phishing, there are several different categories:
 
Email Phishing
This is the most basic type of phishing. A threat actor creates an email and sends it out to as many people as possible to see if they can get someone to respond. These actors will send out thousands of emails, just to get 50-100 people to respond. 
 
Spear Phishing
This type of phishing is more targeted to specific individuals or organizations. Threat actors will comb social media to find information about you: where you work, where you went to college, where your kids go to college, etc. Then they will craft an email that looks like it came from an organization that you are associated with and typically ask for money.
 
Whaling
This is just like it sounds: phishing that is targeted at big fish. Think high-profile executives like CEOs, CFOs, business owners, etc. These types of attacks are even more specific and typically involve much larger transactions due to the access and authority these individuals have over funds.
 

Vishing

Vishing is a type of phishing in which the threat actor uses a voice call instead of an email. In a vishing scenario, threat actors will use specialized software to spoof a phone number and then attempt to impersonate a legitimate representative from that spoofed phone number. For instance, we have had customers call us to let us know that someone calling from our number (the caller ID showed First State Bank of De Queen) contacted them and said they represented the bank. With AI, a threat actor can even use a sample of someone's voice from an online video to completely impersonate the person they claim to be.
 

Smishing

Smishing is when threat actors use SMS text messages to try to get you to click on a link and reveal sensitive information. The channel is different, but the message is basically the same: click here so I can attempt to defraud you.
 

How can you protect yourself?

That's a great question, and in fact, THE question to ask. Given the state of how legitimate these emails, calls, and texts are becoming, it's harder and harder to not fall victim. However, here are some things you can do to help protect yourself:
  • Does the email, call, or text create a sense of urgency? "Your subscription is expiring", "Payment needed by 4:00PM", "Send money to avoid an IRS audit", etc. These are examples of an immediate response being required. If you receive an email, call, or text creating this type of urgency, the best thing you can do is slow down. Take time to process what's really happening. Chances are, the email, call, or text is fraudulent if it wants that type of response.
  • Does the email look legitimate? Are there misspellings, grammatical errors, or generic greetings? If so, it's likely a phishing message.
  • Was the email/text expected? Do you actually do business with the person/company sending you the email? Call the company back at a phone number that is NOT included in the email/text. Use a good/known phone number to call them back on.
  • If receiving a phone call, do not give out any information. Call the company back using a good/known phone number to confirm they are legitimate.
  • Use Multi-factor Authentication (MFA) on your accounts. This is where you have to enter a code after entering your username and password. It's an added layer of protection so that even if threat actors have your username and password, they will still need your security code to gain access to those platforms (online banking, credit card sites, etc.) that use MFA.
  • Never share your sensitive information, especially if you did not initiate the conversation. At First State Bank, we will never call you out of the blue and start asking for your login credentials, social security number, or any other sensitive information. If you receive a call from us and someone starts asking for that information, immediately hang up and call your local branch to report it.

 

Be Aware of False Google Ads

An emerging trend used by cybercriminals is the purchasing of Google Ads that link to a fraudulent website in an attempt to steal login credentials to a financial institution's online banking website.

How does it work?
The criminals create a fraudulent site that looks exactly like the legitimate online banking site. They then purchase Google Ads with a stolen identity and link these ads to the fraudulent site. Customers then perform a search for their institution's website and the first result will be the Google Ad. Once the customer has clicked on the link, they proceed to the login page where they enter their username and password. Once they have entered their credentials, they are presented with what appears to be an error message or something similar. At this point, the criminals have the online banking credentials and can access the customer's online banking account.

How can I protect myself?
The simplest way to protect yourself against this type of fraud is to bookmark or favorite the institution's website. When you need to access the site, click on the bookmark or favorite and know that you will be taken to the legitimate site. Another way to help ensure you are accessing the legitimate site is to type the URL of the site in the address bar. For First State Bank of DeQueen customers, you can type "fsbdequeen.com" in the address bar and access our site directly.

If you do perform a search to find our website, do not click on any Ads. These are typically denoted with the word "Ad" immediately before the website name.

What should I do if I feel I have fallen victim to this?
Contact your financial institution immediately. They can reset your password, which should block access using your credentials, or they can disable your account altogether. Once this is done, continue to monitor your account for any suspicious activity. If there are transactions that are suspicious, report them to your institution immediately.


Cyber Security Updates

As our lives become busier and busier, it's becoming more important to have access to our banks at all hours of the day. While technology allows us to achieve that goal, it also opens us up to the threat of identity theft and fraud. At First State Bank of DeQueen, we take the protection of you and your information very seriously and have put in place many safeguards to provide that protection. In addition to those safeguards, there are steps that YOU can take to help ensure that you have a safe online experience.

The Customer Education Center is designed to provide you with tips and resources you can use to protect yourself not only during your online banking session, but when accessing any website. We are committed to making sure you have a safe online experience. Below are some simple steps that you can take to make your online experience safer:
 
  • Use a respected anti-virus/anti-malware product and keep it up-to-date.
  • Keep your operating system patched and up-to-date.
  • Use an updated browser when browsing the internet.
  • Never open attachments or click on links in emails that you were not anticipating.
  • Never give out your account credentials through an email.
  • Change your passwords periodically.
  • Avoid using the same password for multiple accounts.
  • Only visit trusted websites.

Following the steps above will help you have a more secure browsing experience.

FTC introduces new Cybersecurity Resources for Small and Medium Sized Businesses

On October 18, 2018, the Federal Trade Commission launched a new website for small and medium sized businesses that provides them with many resources to help prevent cyber attacks. We encourage you to visit the site and see many of the simple ways you can help protect your business against a cyber attack.

Guard Against Phishing Emails

In the world of cyber-crime, phishing has become the most effective way in which criminals can steal someone's identity. While we are not talking about your grandfather's type of fishing, the concept is essentially the same. Criminals send out specifically crafted emails that look like legitimate emails, from say FedEx or UPS, or perhaps a retailer you shop with. Within the email could be an attachment or a link that takes you to a malicious site that looks just like the real thing. If you open the attachment, it will attempt to download malicious code to your computer. If you click on the link, it will try to download malicious code to your computer through a vulnerability in your browser. They send out thousands of emails attempting to get a few "bites", just like your grandfather did! So what do you do? Quit receiving email? Stay off the internet? Unfortunately, many of us are entrenched in the internet, so getting off of it entirely is out of the question. You can follow some of these steps to help reduce your risk:

  • If you were not expecting the email, don't click on any links or open any attachments. Just delete it!
  • If you are unsure if a link is safe, you can normally hover over the link and it will give you the website it's going to take you to. If this site looks nothing like the company that sent you the email, it's probably bad news.
  • Inspect the link carefully. Sometimes the website it takes you to closely resembles the actual site it claims to take you to, with just one or two letters being off in the name.
  • Check for misspelled words within the email. These types of email normally contain many misspelled words or sentences that just don't make sense.
  • If the email sounds too good to be true, chances are it probably is.
  • Keep your computer's patches up-to-date. If you are using Windows, turn on Automatic Updates and set it to automatically install them.
  • Use an anti-virus product and keep it up to date.
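
The link-inspection steps above can also be done by a program. The following Python code is an added example, not part of the bank's page: it compares the host name a link really points to with fsbdequeen.com (the address given on this page) and flags names that are one or two letters off. The sample links are constructed, and treating the last two labels of a host name as its registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED = "fsbdequeen.com"  # the bank's address as given on this page

def edit_distance(a, b):
    """Levenshtein distance: number of single-letter edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a letter
                           cur[j - 1] + 1,              # insert a letter
                           prev[j - 1] + (ca != cb)))   # swap a letter
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of the host name (assumption: no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for where a link really goes."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # "One or two letters being off" is an edit distance of 1 or 2.
    if 0 < edit_distance(registered_domain(host), trusted) <= 2:
        return "lookalike"
    return "unrelated"

def review_links(urls):
    """Classify every link found in a message."""
    return {url: classify_link(url) for url in urls}

# Constructed sample links, as they might appear when hovering over them.
SAMPLE_LINKS = [
    "https://www.fsbdequeen.com/login",         # the real site
    "https://fsbdequen.com/login",              # one letter missing
    "https://www.fsbdequeem.com/login",         # one letter swapped
    "http://parcel-tracking.example.net/track", # nothing like the bank
]

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE_LINKS).items():
        print(f"{verdict:10} {url}")
```
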

Resources

Report Identity Theft
If you have been the victim of Identity Theft, you can report it here.

StaySafeOnline.org
For tips and advice that you can use to stay safe online.

FS-ISAC Security Tips Newsletters
2024-07 Security Tip Newsletter - Keeping an Eye Out For Telcom Attacks

2024-06 Security Tip Newsletter - Protecting Vulnerable Adults

2024-05 Security Tip Newsletter - Spotting Romance Scams

2024-04 Security Tip Newsletter - Protecting Our Children
 
2024-03 Security Tip Newsletter - Protecting Your Identity