honeycomb graphic design with cybersecurity, and protection listed with a small padlock.


At Malaga Bank, we are committed to the security of your financial information. However, you are your own best advocate when it comes to the confidentiality of your personal information.  As financial scams and fraud become increasingly more sophisticated, staying alert is still the best solution.

Security Education

How can you protect yourself? Always consider the possibility that an uninvited call, e-mail or pop up on the internet, can actually be a scam. The old saying is still true today: “If it looks too good to be true, it probably is.” Be Cyber Smart and stay protected when you’re connected.

Avoid putting yourself at risk by opening e-mails purporting to be from a financial institution, government department, or other agency requesting account information, account verification, or banking access credentials.

Every year where there are disasters, scammers are putting out fake charity websites and phishing e-mails asking for donations. It’s best to go directly to the website for the charity of your choice.

Read more from the provided links connecting you to resources to help you become Cyber Smart.

Online Security and Privacy

We are dedicated to protecting and safeguarding your non-public, personal information.  In addition to enforcing strict federal regulations, we take pride in educating our customers about identity theft, online fraud and other scams.   See Security Education.

Online Security

Keeping your personal information protected is important to us.  Malaga Bank enforces physical, electronic and procedural safeguards that adhere to federal and state standards for protecting your information.  However, the online security of information can never be 100% guaranteed as secure.  While it takes diligence, you can keep the hackers out in the cold with safety practices on your computer.

Check for the padlock icon in your browser bar which signifies a secure site. Never provide personal financial information to a bank text or e-mail. Following a banking link sent in a text message or e-mail could be a phishing scam taking you to a fake web site.

Mobile Security

Your mobile device is a great tool for talking to friends, sharing photos and doing everyday business including personal or business banking. Take precautions and protect your smart phone or tablet. Add safeguards like a password, two factor authentication or biometric features. Also, we can’t say this enough: Never provide personal financial information to a bank text or e-mail. Following a banking link sent in a text message or e-mail could be a phishing scam taking you to a fake web site.

Stay Cyber Safe and avoid free internet Wi-Fi at public locations, especially if you bank online. Public hot spots may be too public for your private information.

Fraud Awareness and COVID-19 Scams

Recent events have placed our customers and community members in challenging situations because of the current pandemic, COVID-19. During events like this, fraudsters and scammers increase their efforts to take advantage of the situation to steal your money, your personal information, or your identity. Now more than ever, it’s important to be aware and diligent to fight these attempts. We have compiled common frauds and scams related to COVID-19, as well as resources for additional education to keep you and your finances secure.  

Copycat Bank Fraud Prevention Alerts

Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," reported by the U.S. Federal Trade Commission.

People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they'll get a call from a phony 'fraud department' claiming they want to 'help get your money back.' What they really want to do is make unauthorized transfers.

What's more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft.

Don't Trust the Voice

The FTC explains: “Artificial Intelligence is no longer a far-fetched idea out of a sci-fi movie. We’re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member’s voice – which he could get from content posted online – and a voice-cloning program. When the scammer calls you, he will sound just like your loved one.”

So how can you tell if a family member is in trouble or if it is a scammer using a cloned voice?

Do not trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you cannot reach your loved one, try to get in touch with them through another family member or their friends.

Romance Scams

Online dating sites have increased over the past few years.  And so have scammers looking to profit.  In typical romance scams, scammers use stolen pictures from the internet to build fake personas on social media sites or dating platforms and eventually coerce their victim into sending them money. Victims most often send money to romance scammers by wire transfer or gift cards.

Reports of gift cards used to pay scammers have risen almost 70% since 2019. The FTC reports gift cards and money through wire transfers have cost victims to lose a record $304 million in just last year alone!  Social distancing and the pandemic have provided perfect opportunities for romance scammers to put off meeting in person.

What can you do?  Never transfer money from your bank account, buy gift cards, or wire money to an online love interest. You won’t get it back. 

Check Washing Scams

Perpetrators are stealing mail out of residential and post office mailboxes using special devices to fish mail out of them.  Upon acquiring a check, the scammers will “wash” the checks(s) with special chemicals to remove the ink.  They can change both the payee and the dollar amount, rerouting the money to their account instead of the intended recipient.  With an individual’s account number, the scammers also have the ability to produce counterfeit checks with the stolen account number.

How you can help prevent this from affecting you.

  • When writing a check, be sure to always use black or blue ink.
  • If you have to mail out a check, take it to the post office and hand it directly to a postal worker.
  • Whether you have online banking or receive monthly statements, review your accounts on a regular basis to verify activity. Make sure the items that have paid on your account were for the correct dollar amount and have the name of the intended recipient. 
  • Many businesses accept online payments through their secured website, meaning you can make payments online versus mailing a check.
  • Shred checks, statements, and other paper containing personal information once they are no longer of use. If you do not own a shredder, remember to remove personal information from bank statements, credit card statements and check copies, prior to disposal.

Homeowners Property Tax Scam

Los Angeles County Officials are alerting the public to a scam attempting to collect Homeowner’s property tax payments in-person under the pretext of COVID-19 office closures. These scammers may even have fake identification as well as a copy of the homeowner’s tax bill.

“The County of Los Angeles Treasurer and Tax Collector (TTC) does not conduct in-person visits to collect property tax payments and any attempts to collect in-person payments are fraudulent,” said Keith Knox, Los Angeles County Treasurer and Tax Collector. “Should you be contacted at your home or hear about this in your neighborhood, do not make payment to the person requesting it and notify local law enforcement immediately.” For details on available property tax payment options visit ttc.lacounty.gov.

Grandparent Scams

Scammers targeting grandparents have added a new twist by posing as panicked grandchildren in trouble.

With claims of illness, being in a foreign jail, or needing to leave a foreign country, they may present an urgent need for emergency cash and pressure you to send or wire money right away.

Resist the urge to act immediately. Verify their identity by asking for a family phone number or ask questions a stranger couldn’t possibly answer. Don’t send cash, gift cards or money transfers. Once a scammer gets your money, it’s gone!

Chain or Lottery Scam

As seniors become more active digital users these days, they need to be extra vigilant for the latest scams.  The stakes are especially high for them making it even more important than ever to help them be aware of charities or businesses requesting donations.

Fraudsters claim to work for a nonprofit or charitable organization, sometimes promising prizes or rewards for people who might contribute to their supposed cause.  Take a step back, fraudsters want to create a sense of urgency in order to elicit a response from an older target.   Always confirm the contact information of anyone who seeks to connect online.  Don’t offer any personal identifiable information or financial access if you feel uncertain.

As always, make sure to fact-check all information you receive no matter the source. Scammers, and even innocent well-meaning people, share information that hasn’t been verified. Before you pass on any messages, contact trusted sources to ensure they are legitimate. Visit official COVID-19 government websites for more up-to-date information.

Work-from-home Schemes

Watch out for online job postings and emails from individuals promising you easy money for little to no effort. Common red flags that you may be acting as a money mule include:

  • The “employer” you communicate with uses web-based services such as Gmail, Yahoo, Hotmail, Outlook, etc.
  • You are asked to receive funds in your personal bank account and then “process” or “transfer” funds via wire transfer, ACH, mail, purchase gift cards or money service products, such as through Western Union or MoneyGram.
  • You are asked to open bank accounts in your name for a business.
  • You are told to keep a portion of the money you transfer.

Shopping Online Ads and Offers

Be aware of offers and ads for cures, treatments, medical supplies, free video streaming services, sites to track the virus’ spread, and other “too good to be true” claims.

Be aware of who you’re buying from. Online sellers may claim to have in-demand items, like cleaning, household, or medical supplies when, in fact they don’t. This may be an attempt to get your credit card information or to get you to unknowingly download malware onto your device or computer.


Recognize QR Code Scams

What is a Quick Response code?  They are square bar codes, also known as QR codes and appear everywhere these days.  To access a QR code, hover the camera of your cell phone over the bar code which takes you to a designated site.

One example: Restaurants started using QR codes during the pandemic to replace paper menus to direct patrons to order and pay for the food online which reduces direct contact with restaurant staff.   The FBI says fake QR codes can be used to embed malware onto an innocent victim’s phone giving the scam artist access to the device and potentially any information on it, including financial information.

Pay Attention When Scanning QR Codes:

  • Before clicking, check the URL to make sure it is for the intended website AND that it is spelled correctly.
  • Ensure that the material displaying the legitimate QR code hasn’t been tampered with, i.e. a sticker placed on top of the original code.
  • Avoid making payments through a site found via a QR code. Instead manually enter a known and trusted URL to complete the payment.
  • Call the company to verify whenever you receive an email or text asking you to pay through a QR code.  Locate the company’s number through a trusted site rather than the number provided in the email or text.
  • If you receive a QR code that you believe to be from someone you know, reach out to them to verify.
  • Since most phones have a built-in scanner in the camera, do not download a QR code scanner app as it increases the risk of being exposed to malware. 
  • When downloading a new app to your phone, always use your phone’s app store instead of from a QR code.

If you believe you have had funds stolen from a tampered or fake QR code, report the fraud to your local FBI field office.

Recognize and Avoid Phishing Emails

Scammers will try to trick you by emailing information they know you’re interested in. They make themselves appear to come from a familiar source hoping you will act or click before thinking it through. Like other types of phishing emails, the messages usually try to get you to click on a link taking you to a fake website or provide personal information that can be used to commit fraud or identity theft against you.  

We can’t say this enough: Never provide personal financial information to a bank text or email. We’ve listed steps you can take to help thwart scammers.

  • Beware of requests for personal information. Any email that seeks personal information like your Social Security number or login information is a scam. Legitimate government agencies won’t ask for that information.
  • Check the email address or link. You can inspect a link by hovering (but not clicking) your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate, but keep in mind scammers and fraudsters can create links that closely resemble real websites. Delete the email if you suspect it is a scam. 
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Avoid emails that insist you act now. Scammers often try to create a sense of urgency or demand immediate action. Their goal is to get you to click on a link and provide personal information without thoroughly thinking it through. Delete the message.
  • Fake CDC Alerts. The email might falsely claim to link you to a list of coronavirus cases in your area or offer information on testing, results, or anything else to get you to open the email.

Report Fraud to the Federal Trade Commission (FTC), plus Important Recovery Steps 

If you are a victim of a fraud attack, report the attack and take steps to develop a recovery plan. Place a fraud alert on your credit, obtain your free credit reports, and close any fraudulent accounts opened in your name. 

If you think you are a victim of a scam or attempted fraud involving COVID-19, you can report it without leaving your home by calling the Department of Justice’s National Center for Disaster Fraud Hotline at (866) 720-5721.

IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. Use this site for streamlined checklists and sample letters to guide you through the recovery process.

Business Security Tips

Fraudsters and scammers are affecting everyone. They are especially a problem for small businesses and start-ups that may not have the budget for cyber security support.

How can you protect yourself and your business?  We’ve listed tips and education links helping you to stay protected when you’re connected. Best defenses for protection? Protect your business with thorough and ongoing employee training. Providing videos or enlisting a third party for drills are ways to keep your employees set up for defense success. Spread the word. If your employees know about the scam, they’ll be more likely to spot it. Tell your colleagues, too.

Always consider the possibility that an uninvited call, e-mail or pop up on the internet, can actually be a scam. Know who you’re responding to in an email. For more tips visit our Covid 19 Scams and Fraud Awareness page.

Don't be fooled.  Think before you click!

Business Email Compromise (“BEC”)

This type of fraud is a serious issue for all businesses alike. Typically targeting people who pay bills in businesses, government and nonprofit organizations, it has resulted in more losses than any other type of fraud in the U.S., according to the Federal Bureau of Investigations.

The scammer poses as a vendor or other trusted source, who sends an email to an accountant or chief financial officer. The email asks them to wire money, buy gift cards or send personal information, using convincing emails. If money is sent, it goes into an account controlled by the fraudster.

Ransomware Attacks

Ransomware is a type of malicious software that infects a computer and restricts access to it until a ransom is paid to unlock it.  Users are told that unless a ransom is paid, access will not be restored.  Ransomware is effective because it puts fear and panic into their victims.

Protect your digital assets by adding a data backup and recovery plan for critical information.  Maintain up-to-date anti-virus software, train your employees not to click on links in emails from unknown sources or download unauthorized software.  

Phishing Scams

Phishing scams are a growing problem for businesses. These scams often appear to be legitimate emails or text messages, many with an urgent tone or a security alert grabbing your attention but designed to capture sensitive information. When you click on the link, you may download a virus that captures personal information or takes you to a phony website.

Don’t click on links!  Instead, hover over the link with your cursor to see the real address. Proper firewalls and computer protection software are also ways to protect your business. Fraudsters will go to great lengths to steal your personal information. Employee training is a must to protect yourself and your business.

Office Supply Scams

You may receive an unexpected telephone call from someone claiming to represent a reputable company with which the firm often does business. Sometimes scammers will even call in advance to find out what brand of supplies or equipment the business uses. The scam caller will try to sell the business surplus merchandise at a reduced price, citing a cancellation or over-order by another purchaser. The merchandise doesn’t exist.