In recent years there has been a dramatic increase in the number and complexity of cyber security incidents.  Bad actors utilize a multitude of approaches to gain your trust and/or to access your personal data, accounts, and assets.  At Maple Capital we believe a multifaceted approach to protecting yourself is warranted and that approach starts with staying educated and aware of the current scams being employed.  Be aware, be skeptical and always verify first, trust second. 

What to know

Keep an eye out for deceptive text messages and emails that appear to be from a trustworthy source. Phone calls, or invitations on social media asking you to provide personal information, join groups and clubs or click on links and attachments should be met with a healthy dose of skepticism.  Help protect yourself against fraud with these simple DOs and DON’Ts.

Things you SHOULD do:

  • Check the sender’s name for familiarity and authenticity. Does the email address or phone number match who the sender is claiming to be?
  • Check for grammatical errors in emails and text messages. Does the message contain misspelled names or words? 
  • Check for a threatening message. Does the message warn you that your account has been hacked or locked? Does it claim that your personal information is at stake?
  • Check for suspicious attachments or links and refrain from opening. Does the message contain an attachment that you didn’t request?
  • Verify by calling or contacting the trusted source being referenced.

Things you should NOT do:

  • Never provide any account or login credentials to unsolicited emails, texts, or phone calls.
  • Never click on links or open attachments within electronic communications when in doubt or if they appear to be suspicious.
  • Do not follow links from email or social media claiming to be part of investing clubs, related entities, or other groups.

Things Maple Capital will NOT do:

  • We will never contact you via text or social media.
  • We will never ask you to join an affiliated investment group or club.
  • We will never ask you for logon credentials to any of your accounts.
  • We will never provide stock tips, promise outsized returns, offer prizes or otherwise provide some incentive for a guaranteed event.

How to protect yourself:

Sensitive Personal Information

Maple Capital will only collect personal information such as name, social security number, date of birth and address, through a secure method.

Instant Messaging

Maple Capital does not solicit the public to join investment groups, stock clubs, market investment products forums or services, or provide investment advice to individual investors through text messages or instant messaging platforms such as WhatsApp or Facebook. If you are approached on these platforms by someone claiming to work at or on behalf of Maple Capital, please assume the communication is fraudulent.

Email

Maple Capital uses the domain maplecapital.com for all email communications. If you are contacted by someone not using this email domain claiming to be from Maple Capital or the email otherwise seems suspicious, assume the communication is fraudulent.

Social Media

Maple Capital does not communicate through direct messaging services such as WhatsApp or social media platforms such as LinkedIn, X, Facebook, Snapchat, or Instagram. If you are contacted via these means by someone claiming to work at or on behalf of Maple Capital, please assume the communication is fraudulent.

Mobile Apps

Maple Capital does not have any mobile apps. If you are directed to install a mobile app, the app is not from Maple Capital and should be considered fraudulent.

Call us

Contact us immediately if you suspect fraudulent activity at contact us.

What is it?

Social Engineering Scams

Social Engineering Scams have become a mainstay of today’s world and continue to grow in terms of complexity and sophistication. The frequency of these attacks, particularly those involving social engineering schemes, has created a serious risk for individuals and businesses alike.

Virtually anyone who spends time online, whether on social media, shopping, paying bills, or simply communicating via text or email, can be a potential victim of a cybercrime. Cybercriminals are using increasingly realistic methods designed to manipulate individuals into divulging personal and confidential information.

These scams include posting fraudulent links to well-known websites or sending emails from known individuals or companies that have fraudulent links or attachments that contain malicious software known as malware. The intent is for you to fall for these scams by divulging your personal information that the cybercriminals can then use to access your computer and accounts for their own benefit and financial gain.  When it comes to social engineering scams, basic awareness of the tactics used can go a long way to keeping your personal information secure.  Even the most security-savvy computer users can be vulnerable to social engineering scams, so it’s important to keep apprised of the types of threats that are prevalent today, and the extra measures you can take to avoid becoming a victim.

Common Social Engineering Scams:

Phishing

This tactic involves using a fraudulent email to trick the recipient into opening a malicious attachment or visiting a malicious website. Phishing has been around for many years and remains a common scam for hackers because it continues to work.

Cybercriminals may act as representatives of familiar, trusted organizations.  Examples of some of these are government agencies, financial institutions, or popular social media applications or file sharing sites.  They will attempt to gain your confidence and encourage you to follow the email’s directives, such as divulging sensitive information.

This particular attack has continued to evolve through the use of “spear phishing,” which personalizes an email so that it appears to come from a known person or organization. Additional tactics include “whaling,” which is a spear phishing attack that targets corporate leaders and high-profile individuals.

The majority of phishing schemes typically aim to have the recipient reveal sensitive information, ranging from passwords to bank account numbers or even corporate data.

What you should keep in mind:

  • Don’t respond to emails requesting personal information, and always delete emails before opening them if you do not recognize the sender.
  • Never click on embedded hyperlinks or open attachments in emails that you believe to be fraudulent or suspicious.
  • If an email appears to be from a company that you do business with, contact them directly to discuss or report the message.
  • Never share passwords, login credentials, or any authentication information.
  • Always use a SPAM filter, anti-virus software, and a personal firewall.

Baiting

These types of social engineering attacks lure you with the promise of something too good to be true. Stock tips, investment ideas, stock Clubs, offers for gift cards, free smartphones, or even lottery winnings.

The most adept hackers will use information gleaned from social networking sites, corporate websites, job search sites, and online newsletters to tailor information that may be specific to you. This technique relies on your curiosity, hoping you will be attracted enough to an offer to surrender your login credentials, personal information, or even money. 

What you should keep in mind:

  • When it comes to cybersecurity, verify first, trust second.
  • Don’t believe everything you read, even if it is on a friend’s web page. If it sounds too good to be true, it almost certainly is.

Social Media

Hackers use social media not only to gain information about victims but to spread malware and entice users into making mistakes. 

On social media, cybercriminals may also create fake videos and websites tailored to trending topics and current events, or send messages with shortened, unverifiable URLs to spread malware intended to collect information from computers and other devices.  Others may invite you to join group chat rooms offering investment advice, stock tips, or promising outsized returns.   

What you should keep in mind:

  • Beware of any invite to join chat rooms or groups claiming to be affiliated with a person or firm with whom you do business.  Call that person or firm directly to verify.
  • Review your settings on social networking sites regularly to ensure that privacy settings are set to the highest level with which you are comfortable.
  • Be careful what you click on and what you say.
  • Do not share confidential information that may be the answer to your security question, such as your mother’s maiden name or your date of birth.
  • Never click on a hyperlink within a post if it appears suspicious, even if it appears to come from a friend.  Your friend’s account may have been hacked.
  • Don’t accept connection requests from unfamiliar individuals, they may be looking to find out when you are on vacation or away for an extended period.

What if it happens to you?

If you believe you have been the victim of an investment scam, you can report the matter to several different law enforcement and regulatory agencies. You can submit tips and complaints about internet-based crimes to the FBI via these websites: Electronic Tip Form or Internet Crime Complaint Center(IC3). You can also submit tips, complaints and referrals to the SEC or FINRA.