October is National Cybersecurity Awareness Month.

The Pegasus team is sharing this newsletter to highlight some of the cyber topics that have captured our interest in 2024. This year we have continued to battle check fraud, scammer attempts through phishing and business email compromise (BEC), and some AI-assisted phone calls. Our approach to defend against these malicious attempts is a layered one. We consistently train our staff against threats, use tools that can detect unusual transactions, and have a zero-trust mindset. And we ask our clients to take the same approach by educating themselves, adding additional security features where available, and always verifying the legitimacy of a request before acting on it. As always, if you have questions regarding what you can do, please reach out to your Pegasus banker. We are here to help.

Do Faster Payments mean Faster Fraud?

Do faster payments mean faster fraud? They can certainly increase the opportunity for fraud, but these risks can be mitigated with proper vigilance. Whether you are sending or receiving the funds, here are some extra steps you should take to prevent a loss.

Need to send a wire transfer?

A wire transfer is a credit-only method of transmitting money electronically. Once the funds have arrived in the beneficiary’s account, they cannot be recalled. Wire transfers are typically used for large-dollar transfers where funds need to be received immediately. Fraudsters are using Business Email Compromise (BEC) schemes to trick the sender of a wire transfer to change the routing and account number in the instructions to route a payment to a different account not owned by the intended beneficiary. If you receive a request to change banking instructions, you should always call the beneficiary at a number you have on file to verify the instructions

Want to send funds within an few minutes?

Zelle is a fast, easy way to send money to another person. This account-to-account transfer allows users to send and receive funds directly to their bank accounts. Transfers are typically for lower dollar amounts, and payment details only include the individual’s name and cell phone number or email address. Fraudsters may try to connect with you via a text message or phone call. Once you click on the text or acknowledge the call, they will attempt to convince you that they are trying to assist you with something that requires immediate action. These scams usually fall under some sort of “tech support” or “card support” ruse. The fraudster will then stay on the line with you while you are logging into your banking app. They may even say they are sending a one-time code for verification and ask you to read this back. Once they’ve logged into your app, they can send a Zelle payment. NOTE: Pegasus Bank will never call you unexpectedly and ask you to provide sensitive information. If you believe a phone call is not valid, please hang up and reach out to us directly.

This is an exciting time for the U.S. banking industry. There are two new payments platforms in the United States that provide “faster payments” or “instant payments”: The Clearing House’s Real Time Payments (RTP) network and the Federal Reserve’s FedNow service.  Pegasus Bank is live with the ability to receive payments through both of these services. We will continue to monitor the market to ensure we have the products our consumer and business clients need.

Social Engineering and How to Protect Yourself

Cybercriminals use social engineering to trick you into revealing sensitive information. Social engineers exploit our natural instincts—trust, urgency, and the desire to help. A moment of inattention could lead to a costly mistake. Think you’re too savvy to be fooled? Think again. Even tech giants have fallen victim to these types of schemes!

Stay sharp with these tips:

• Question the Urgent: Verify unexpected requests before taking action. Use a different communication method than the original request.
• Spot the Red Flags: Watch out for unfamiliar links, attachments and unusual requests. Hover over links to see the actual URL.
• Use Multi-Factor Authentication (MFA): Enable MFA on accounts when available, to add an extra layer of security.
• Pause and Think: If something feels off, it probably is.
• Stay Informed and Trained: Subscribe to cybersecurity blogs, podcasts or newsletters and stay updated on the latest social engineering tactics.

My Personal Information Has Been Compromised in a Breach, Now What?

If you’ve been notified that your personal information was compromised in a data breach, it’s essential to take immediate action to protect yourself:

1. Confirm the Breach – Verify the legitimacy of the notification by checking news reports or the company’s website. Scammers may use fake breach notifications to trick you into revealing more information.
2. Monitor your Accounts – Closely monitor your bank, credit card, and other financial accounts for unusual activity. Set up alerts for any suspicious transactions or login attempts.
3. Change Passwords – Change passwords for any accounts associated with the breached service, especially if you use the same password across multiple sites. Create strong, unique passwords for each account, and consider using a password manager.
4. Enable Two-Factor Authentication (2FA) – For accounts that offer 2FA, enable it to add an extra layer of security, as it requires both your password and a second verification step.
5. Freeze your Credit and Monitor your Credit Reports – Contact the major credit bureaus (Equifax, Experian, and TransUnion) to place a credit freeze. This prevents anyone from opening new credit accounts in your name without your consent. You are entitled to free credit reports from each bureau annually; use these to monitor for unauthorized credit accounts.
6. Be Alert for Phishing – In the aftermath of a breach, be cautious of phishing emails or calls pretending to be from the breached company. Avoid clicking on suspicious links or sharing sensitive information.