Banner Image

Praying for Texas

Friends and Neighbors, We have all seen the devastation and losses the recent flood has brought to the Texas Hill country, Central Texas, and the San Angelo area. We all continue to pray for those yet to be found and those lost.

Learn More Here Don't show again
Close Icon
Blog
Locations & Hours
Contact Us

Cyber News

HomeResourcesCyber News





IMPORTANT NOTICE: First State Bank of Uvalde will not initiate communication with customers by email, text message, or by telephone to inquire about recent transactions or request important personal information such as your name, account number, date of birth, social security number, card numbers, personal identification number (PIN) or security codes associated with your Debit Card, or your Online Banking User ID or password.
 
For more security tips visit our Security Tips Page!
 


 

Scam of the week 8/06/2025

 

Smishing in the Amazon

In this week's scam, you receive an unexpected text message that looks like it’s from Amazon. The message claims that an item you bought failed a “routine quality inspection” or has been recalled. The text offers you a full refund, and you don’t even need to return the item. You only have to tap a link in the text message to get your money back.
However, the refund offer is a trick, and the message is not actually from Amazon. This message is a text phishing scam that was sent to you by cybercriminals, also known as smishing. If you tap the link in the message, you will be directed to a fake website that looks exactly like Amazon's official site. This site will ask you to enter your account login information, payment details, and other personal data. If you enter any information here, the cybercriminals can steal your Amazon account and money!
Follow these tips to avoid falling victim to a smishing scam:
  • Never tap links in an unexpected text message. If you need to contact Amazon regarding a purchase, always navigate to their official website and use the contact information listed there.
  • Be cautious of any offer that promises a full refund without requiring you to return the item. Scammers use these “too good to be true” offers to make you act quickly without thinking.
  • Report suspicious texts using your phone’s “report junk” option, then delete the message.


Scam of the week 7/23/2025
 

This Job Doesn't Pass a Background Check

In this week's scam, cybercriminals are targeting job-seekers. Let’s say that you’re searching for work using a job site such as ZipRecruiter or LinkedIn. You come across a job posting that seems suspiciously good. The position appears to be with a well-known organization and offers a high salary for what seems to be an easy role. You apply, and within a day, you receive a follow-up email from a "hiring manager."
The hiring manager wants to meet with you and asks you to click a link so that you can confirm your direct deposit information before the interview. You are taken to a page that asks you for your credit card information, Social Security number, and home address. The catch is that the job you applied for was actually fake and posted by cybercriminals. If you enter any personal or financial information on the page, they will be able to steal it!
Follow these tips to avoid falling victim to a job scam:
  • Be suspicious of jobs with unusually high pay. If a salary seems too good to be true, it probably is.
  • Use extreme caution before providing any personal or financial information, until you are sure that the employer and job offer are legitimate.
  • Pay attention to the job recruiter's contact information. Scammers often use phone numbers or email addresses that aren’t affiliated with the organization they claim to work for.


Scam of the week 7/23/2025

Hidden Gems

In this week's scam, cybercriminals are using Google Workspace's Gemini AI tool to try to trick you in an unusual way. You receive an email that appears ordinary, and it doesn’t have any suspicious links or attachments. But if you ask Gemini to summarize it, the results seem alarming. Gemini’s summary of the email shows you urgent warnings about your password being compromised, along with a support number for you to call so that you can resolve the problem. However, this warning from Gemini is completely false!
Cybercriminals have hidden invisible text in the email. This text contains false information about your account being compromised, and it includes a fake support phone number for you to call. You can't see this hidden text, but Gemini can, and the AI tool uses this text when creating the summary. The result looks like a real security alert from Google. If you call the number provided, your call will be answered by a cybercriminal who will try to trick you into giving them your account’s login information!
Follow these tips to avoid falling victim to this AI-powered scam:
  • Don't trust urgent security alerts that show up in an AI-generated summary. Real Google security alerts won't appear in a Gemini summary.
  • Never call phone numbers that appear in an email or an AI summary, especially if the request seems urgent or unexpected.
  • Remember that AI tools like Gemini can be manipulated. If a summary shows urgent warnings or asks you to do something that wasn't clearly in the original email, it's probably a scam!
 

Scam of the week 7/16/2025


In this week's scam, cybercriminals are trying to trick you with PDFs that contain malicious content. You receive an email with a PDF attachment that appears to be from a major organization like Microsoft, DocuSign, or PayPal. The subject of the email seems alarming and makes it appear that you have an issue with your account. If you open the PDF attachment, it contains official logos and professional formatting. It appears legitimate, and the instructions direct you to call a customer service phone number.
But this PDF file is actually a phishing attempt. The phone number is fake, and if you call, a cybercriminal will answer and pretend to be a customer support representative. They will try to trick you into installing malware on your device. They will also try to manipulate you into giving them your user credentials or financial information so that they can solve the “problem” with your account. This type of scam can be very effective because you may be more likely to trust a voice over the phone, especially if they claim that they are trying to help you!
Follow these tips to avoid falling victim to a phishing scam:
  • Be suspicious of unexpected emails, especially those containing attachments. You should never open an attachment unless you are sure who sent it.
  • Be cautious when contacting an organization using information provided in an email. It's always safer to use the contact information listed on an organization's official website.
Remember that legitimate organizations rarely send urgent requests through PDF attachments. Cybercriminals will often attempt to create a sense of urgency to trick you into acting impulsively.


 

FCC Scam Alert 
 

What is 'Juice Jacking' and Tips to Avoid It

Planning to travel? No doubt you'll have your cell phone or another portable device, and you'll need to re-charge it at some point.

If your battery is running low, be aware that juicing up your electronic device at free USB port charging stations, such as those found in airports and hotel lobbies, might have unfortunate consequences. You could become a victim of "juice jacking," yet another cyber-theft tactic.

Cybersecurity experts warn that bad actors can load malware onto public USB charging stations to maliciously access electronic devices while they are being charged. Malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can then use that information to access online accounts or sell it to other bad actors.

Although "juice jacking" has been demonstrated to be technically possible as a proof of concept, the FCC is not aware of any confirmed instances of it occurring.

Here are some tips to guard against "juice jacking:"

  • Using AC power outlets can help you avoid any potential risks, so be sure to pack AC, car chargers, and your own USB cables with you when traveling.
  • Carry an external battery.
  • Consider carrying a charging-only cable, which prevents data from sending or receiving while charging, from a trusted supplier.
  • If you plug your device into a USB port and a prompt appears asking you to select "share data" or “trust this computer” or “charge only,” always select “charge only.”

Public WiFi networks are another way that cyber criminals target travelers. To learn more about mobile phone and online security, check out the FCC consumer guide: Wireless Connections and Bluetooth Security Tips.



https://www.asurion.com/connect/tech-tips/what-is-juice-jacking-and-how-to-avoid-it/

 




Scam of the week 7/02/2025

A Fine Way to Get Scammed

In this week’s scam, you receive a text message that appears to be from the Department of Motor Vehicles (DMV). The text states that you must pay a traffic fine by a certain date. If you don’t pay on time, your vehicle registration will be suspended, and you’ll lose your driving privileges. Some versions of the message even state that you’ll go to jail or your credit score will be affected if you don't pay.
The text message contains a link and instructs you to click it so that you can pay the fee. However, these messages aren’t sent by the DMV. They’re actually phishing texts (smishing) sent by cybercriminals. There was never an actual traffic fine or penalty. If you click the link in the text message and make a payment, your money will go directly into the cybercriminals’ pockets!
Follow these tips to avoid falling victim to a smishing scam:
  • Be cautious if you receive text messages claiming you must pay a fine immediately. Scammers often create a sense of urgency to trick you into acting impulsively.
  • The DMV wouldn’t ask you for personal information or money through a text message. If you have questions about paying a fine, contact your local DMV through its official website or phone number.
  • This scam targets users in the United States. However, cybercriminals can use these same tactics to try and trick users anywhere in the world. Always stop and think before you click!






Scam of the week 6/25/2025

Don’t Sail with These Scammers

This week, cybercriminals are targeting travelers by using online advertisements as part of a scam, also known as “malvertising”. If you book an ocean cruise and have questions about your reservation, you probably search Google to find a customer service phone number. The top search result is a sponsored Google Ad that appears legitimate, and even contains a phone number.

If you call the number in the ad, you are connected to an “agent” who claims to have found a much cheaper deal for your trip. They offer to cancel and rebook it at the lower rate, but they will need your credit card number to secure the deal for you. However, this person doesn't work for the cruise line. The ad is fake, and the number you called connects you to a cybercriminal. They don’t actually want to help you with your travel plans, but they do want to steal your credit card number and money!

Follow these tips to avoid falling victim to a malvertising scam:
 

  • Beware of big discounts or prices that are suspiciously low. If a deal seems too good to be true, it probably is.
  • Remember that anyone can purchase Google Ads, including cybercriminals. Just because an ad looks official doesn’t mean it’s safe to click.
  • Always contact cruise lines directly through their websites and official phone numbers. If you’re new at booking travel, contact a reputable travel agent for help.




 
 
 

Roughly 16 billion passwords have leaked online, including from Google, Facebook and Apple

NEW YORK — Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals “unprecedented access” to accounts consumers use each day.



Russian Threat Actor Uses Social Engineering to Compromise Google Accounts

Researchers at Google observed a Russian state-sponsored phishing campaign that attempted to compromise users' Google accounts by tricking them into handing over application-specific passwords. The attackers built trust by conversing with the victims before initiating the attack.
"In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russian state-sponsored cyber threat actor impersonating the U.S. Department of State," the researchers write.
"From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application-specific passwords (ASPs). Once the target shares the ASP passcode, the attackers establish persistent access to the victim's mailbox."
ASPs are legitimate features included with Google accounts, but many users are unfamiliar with them and may inadvertently fall for this attack.
"Targets who responded received an email with a benign PDF lure attached. The State Department themed lure is customized to the target and contains instructions to securely access a fake Department of State cloud environment.
"This included directing victims to go to https://account[.]google[.]com and create an Application Specific Password (ASP) or 'app passwords.' ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV). To use an ASP you must set it up and provide a name for the application."
Google notes that setting up an ASP isn't recommended and usually isn't necessary. Users should avoid this feature unless they know what they're doing, and you should be very suspicious if a third party asks you to set up one of these passwords.
"Users have complete control over their ASPs and may create or revoke them on demand," Google explains. "Upon creation, Google sends a notification to the corresponding account Gmail, recovery email address, and any device signed in with that Google account to ensure the user intended to enable this form of authentication."
KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Human Risk Management platform to strengthen their security culture and reduce human risk.
Google has the story:
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia
 


Europol Warns of Social Engineering Attacks

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.
"Social engineering, which exploits human error to gain access to systems or personal information, stands out as a prominent technique used by criminal actors in this context," Europol says. "Initial Access Brokers (IABs) have been increasingly focused on using such techniques for the acquisition of valid account credentials as an entry point to the victims' systems.
"This initial access can then be leveraged in a multitude of ways by criminal actors. For example, access credentials for remote services are widely used by ransomware groups and their affiliates to compromise corporate networks, which can lead to data theft (exfiltration) and the deployment of ransomware."
The report also warns of a surge in infostealer malware, allowing criminals to gather information that can be used in future attacks.
"Phishing techniques are the main vector for the distribution of infostealers," Europol says. "Criminals use a variety of methods to achieve this, including sending emails, text messages, or messages on social media that contain malicious attachments or URLs which introduce malware into the victim's system.
"Malicious websites are also propagated through search engine advertising tools and search engine optimization (SEO) poisoning. In the latter case, criminals manipulate web search results to lead users to websites containing malware."
Europol also notes that AI tools have increased the effectiveness of social engineering attacks, enabling threat actors to easily generate convincing lures. "The efficacy of many of the aforementioned social engineering techniques has been improved by the wider adoption of LLMs and other forms of generative artificial intelligence (genAI)," the researchers write.
"Phishing texts and scripts, generated to incorporate the language and cultural nuances of the victims' location, can improve the efficacy of campaigns. Recent research on the topic indicates that phishing messages generated by LLMs have a significantly higher click-through rate than those likely written by humans."
Europol has the story:
https://www.europol.europa.eu/media-press/newsroom/news/steal-deal-repeat-cybercriminals-cash-in-your-data





 





 

Security Tips

Public Service Announcement
Regarding National Public Data breach

First State Bank of Uvalde was made aware of a nationwide data breach at National Public Data. Stolen data, including Social Security numbers and other Personally Identifiable Information (PII), was compromised. As a public service, we are advising our clients of this breach and possible actions to take. We recommend using extra caution with email and social media accounts and being aware of phishing attempts, which are efforts to obtain your personal information or access to accounts by misrepresenting the identity of the sender.

online security

We recommend that clients follow all recommended industry best practices for security and fraud prevention, including but not limited to the following:

  • Update antivirus protection: If you have not already done so, update your antivirus protection and perform security scans on all devices. If malware is found, most antivirus programs should be able to remove it, but you may need to seek reputable professional assistance in some cases.
  • Update passwords: Update passwords for bank accounts, email accounts, social media accounts, and other services used. Ensure your updated passwords are strong and unique for each account. Passwords should include uppercase and lowercase letters, numbers, and special characters whenever possible and should never include personal information that a hacker could guess or obtain from stolen data.
  • Use multifactor authentication: Enable multifactor authentication on any accounts or services that offer it to ensure proper identity verification.
  • Check credit reports: Regularly check your credit report and report any unauthorized use of credit cards. If you notice any suspicious activity, you can ask credit bureaus to freeze your credit.
  • Beware of phishing: The bank will never call, email or text requesting banking credentials of any kind.
  • Identity Protection: There are companies like LifeLock and Experian that can help monitor your credit and watch for identity theft.

In response to this nationwide breach, we may require additional security verification for anyone requesting account information by phone, email or text.

For further information regarding this nationwide breach, you may visit the links below.

For Credit Monitoring information, you may visit the links below.

Besides the monitoring sites, there is www.identitytheft.gov (FTC) for reporting and further advice. You can also call the identity theft hotline at 1-877-IDTHEFT

Fight Fraud & Identity Theft

man on laptop

Protect your Identity

We are committed to help you fight fraud and identity theft. Identity theft is the most popular and profitable form of consumer fraud. It occurs when someone uses your personal information such as your name, social security number, credit card number or other identifying information, without your permission, to commit fraud or other crimes.

If you feel you have been a victim of Identity Theft, please contact First State Bank of Uvalde or visit IdentityTheft.gov. To report scams or fraud, please contact First State Bank of Uvalde or visit ReportFraud.ftc.gov.
 

Monitor your accounts

Keep track of transactions on your accounts by logging in to FSB's Online Banking or Mobile Banking services. Our website is: www.fsbuvalde.com.

Consumer Awareness-Internet Safety Suggestions

  • Use a properly-configured firewall, whether on your PC and/or on your Internet router.
  • Keep your system patched, especially your web browser and any other program that interacts with your web browser.
  • Use current, auto-updating anti-virus and anti-spyware software.
  • Be careful about trusting websites, especially those that require you to enter personal information. A website can generally be easily "forged" and look just like the original. The "padlock" icon doesn't necessarily mean you are at the right website, just that you are at a website that is using encryption to protect your data over the Internet. Be wary of any website that uses numbers in the address (e.g., http://22.22.22.22/index.html>http://22.22.22.22/index.html versus http://www.mybank.com/index.html) or has a country identifier at the end of the domain (e.g., < http://www.mybank.cm/>www.mybank.cn or www.mybank.ru versus www.mybank.com ).
  • Be careful about clicking on links in email, they may be a trap. For example, links to legitimate, North American websites should never use IP addresses instead of names (e.g., http://22.22.22.22./index.html versus http://www.mybank.com/index.html) and should never end in a country identifier (e.g., www.mybank.cn or www.mybank.ru versus www.mybank.com).
  • Do not respond to any e-mail that seems threatening or that asks for personal information. We will never ask for personal information by email, or send links to customers via email that direct them to the bank’s website.
  • Generally speaking, do not use a public computer for anything that requires you to enter sensitive information, as it may be infected.

To Learn more about being safe online, visit the following link: https://www.staysafeonline.org/stay-safe-online/

Phishing

Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are typically carried out through email, instant messaging, telephone calls, and text messages (SMS). Protect yourself from Phishing by not releasing personal information such as passwords and account numbers. First State Bank of Uvalde will NEVER contact you via phone or email to request this type of information. If you think that you may be a victim of Phishing or Identity Theft Fraud, contact us immediately at 830-278-6231 or send an email to FSBAcctServices@fsbuvalde.com.

Spoofing

Spoofing is the act of creating a fake website, email, etc. to mislead individuals into sharing sensitive information. Spoofs are typically made to look like they are legitimately published or sent by a trusted organization. Protect yourself from Spoofing by checking the web address (URL) of websites for slight variations in spelling or different domains. Do not click on links from non-trusted websites and if you are suspicious of a website, close it and contact the company directly.

Warning signs of potentially compromised computer systems

Anyone can be hacked. Here are some of the signs that you may have been hacked:

  • Browser Redirection
  • Anti-Virus reports infected file
  • Suspicious or unauthorized accounts/programs
  • System seems slow/sluggish
  • Passwords no longer work

Protect your personal information:

  • Do not carry your Social Security card in your wallet.
  • Do not have personal information such as your Social Security number and driver's license number printed on your checks.
  • Keep your unused checks in a safe place.
  • Do not leave your purse, wallet, checkbook, or any other forms of identification in your car.
  • Shred or tear up any documents containing banking or credit information, especially pre-approved credit offers, before you throw them away.
  • Keep your PINs and passwords a secret. Do not write them down or share them with anyone. In the event you need to write your PIN and password down, keep it in a safe place.
 

Debit MasterCard & ATM Safety Tips

  • Never allow anyone access to your secret PIN. Anyone that possesses your Debit MasterCard, or ATM card, can take money from your account at a variety of locations.
  • Never give out confidential information about your cards over the phone to anyone. Your bank already has the information and would never ask you to provide it over the phone. Phone scams are a growing problem nationally.
  • Block the view of others when you are using your cards at a store checkout.
  • Take another person with you when using outdoor ATMs or POS terminals at night.
  • When using outdoor ATMs or POS terminals, always observe your surroundings and leave if suspicious persons are nearby.
  • Treat your Debit MasterCard like cash. Always keep your card in a safe place. It's a good idea to store your card in a card sleeve. The sleeve protects the card's magnetic strip and helps ensure that the card functions properly.
  • If you receive cash back from a transaction, always put it away before leaving the location.
  • Be certain to retrieve your cards and review/retain your receipts before leaving a terminal. Do not abandon or discard your receipts where others can get them.
man with debit card
You are now leaving First State Bank of Uvalde
Continue