Customer AwarenessDefending Yourself Against Identity Theft As technology advances, you can be sure that identity thieves are not far behind. Here are some common methods cyberthieves use to steal your personal information and how you can increase your security while shopping or banking. Phishing/vishing Your email messages may not be quite what they appear to be if you're targeted by a phishing scam. Phishing is the act of sending fraudulent emails that seem to come from familiar businesses. These messages contain links to phony websites designed to steal personal information either directly or through malware and keyloggers. Often you'll see a problem referenced with a request to click on the link provided to correct it. Once you've entered your information, ID thieves can access your accounts. Vishing is the telephone version of phishing. Callers are sometimes bold enough to suggest the victim call back to verify authenticity. But the vishers don't actually hang up; instead they play a recorded dial tone to make the victim believe he's making a call. Debit and credit card fraud Most shoppers love the convenience of plastic, and identity thieves use this to their advantage whether it involves skimming, phishing, vishing, malware, mail theft or just looking over a victim's shoulder to steal account numbers. When debit cards are compromised, it's particularly alarming because fraudulent purchases drain your checking account instantly. BEC scams Business email compromise, or BEC, scams have cost companies more than $1.2 billion. A phony email from a CEO requesting that funds be transferred per attached instructions is sent to an employee. Because the email appears to come from the employee's superiors, and because the message so closely resembles requests this employee receives regularly, the transfer is often made without question. The money then ends up in overseas accounts that are almost impossible to trace. Tips to protect yourself To even further reduce fraud risk: - Install the latest editions of antispyware, antivirus, firewalls and browsers to all devices, and password-protect them.
- Use strong passwords for all accounts and change them frequently.
- Monitor accounts and credit reports to detect fraud early
- Don't use public Wi-Fi networks for financial transactions.
- Keep cards away from public view, and shred personal documents before discarding.
- Opt in for two-factor authentication on accounts.
- Turn off bluetooth and near field communication when not in use.
- Don't click on email links. Type full web addresses to access business websites.
- Never share sensitive information with unsolicited callers or email senders.
- To verify calls, hang up for at least one minute to insure the first call is disconnected.
- To protect your business from BEC scams, use a two-step verification process for all money transfers. Verbal confirmation is also wise.
Staying informed and adopting smart fraud prevention practices will go a long way toward protecting your identity. Between your efforts and your bank's security, you should be able to stay a step ahead of identity thieves. © Copyright 2016 NerdWallet, Inc. All Rights Reserved Identity Theft Protection This information was obtained from www.ftc.gov What are the steps I should take if I'm a victim of identity theft? If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence. 1. Place a fraud alert on your credit reports, and review your credit reports. Fraud alerts can help prevent an identity thief from opening any more accounts in your name. Contact the toll-free fraud number of any of the three consumer reporting companies below to place a fraud alert on your credit report. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. If you do not receive a confirmation from a company, you should contact that company directly to place a fraud alert. TransUnion: | 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 | Equifax: | 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 | Experian: | 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, TX 75013 |
Once you place the in your file, you're entitled to order one free copy of your credit report from each of the three consumer reporting companies, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports. Once you get your credit reports, review them carefully. Look for inquiries from companies you haven't contacted, accounts you didn't open, and fraud alerts on your accounts that you can't explain. Check that information, like your Social Security number, address(es), name or initials, and employers are correct. If you find fraudulent or inaccurate information, get it removed. When you correct your credit report, use an Identity Theft Report with a cover letter explaining your request, to get the fastest and most complete results. Continue to check your credit reports periodically, especially for the first year after you discover the identity theft, to make sure no new fraudulent activity has occurred. 2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently. Call and speak with someone in the security or fraud department of each company. Follow up in writing, and include copies (NOT originals) of supporting documents. It's important to notify credit card companies and banks in writing. Send your letters by certified mail, return receipt requested, so you can document what the company received and when. Keep a file of your correspondence and enclosures. When you open new accounts, use new Personal Identification Numbers (PINs) and passwords. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers. If the identity thief has made charges or debits on your accounts, or has fraudulently opened accounts, ask the company for the forms to dispute those transactions: - For charges and debits on existing accounts, ask the representative to send you the company's fraud dispute forms. Write to the company at the address given for "billing inquiries," NOT the address for sending your payments.
- For new unauthorized accounts, you can either file a dispute directly with the company or file a report with the police and provide a copy, called an "Identity Theft Report," to the company.
- If you want to file a dispute directly with the company, and do not want to file a report with the police, ask if the company accepts the FTC's ID Theft Affidavit. If it does not, ask the representative to send you the company's fraud dispute forms.
- However, filing a report with the police and then providing the company with an Identity Theft Report will give you greater protection. For example, if the company has already reported these unauthorized accounts or debts on your credit report, an Identity Theft Report will require them to stop reporting that fraudulent information. Use a cover letter to explain to the company the rights you have by using the Identity Theft Report.
- Once you have resolved your identity theft dispute with the company, ask for a letter stating that the company has closed the disputed accounts and has discharged the fraudulent debts. This letter is your best proof if errors relating to this account reappear on your credit report or you are contacted again about the fraudulent debt.
3. File a complaint with the Federal Trade Commission. You can file a complaint with the FTC using the online complaint form; or call the FTC's Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Be sure to call the Hotline to update your complaint if you have any additional information or problems. By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them. The FTC can refer victims' complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces. Additionally, you can provide a printed copy of your online Complaint form to the police to incorporate into their police report. The printed FTC ID Theft Complaint, in conjunction with the police report, can constitute an Identity Theft Report and entitle you to certain protections. This Identity Theft Report can be used to (1) permanently block fraudulent information from appearing on your credit report; (2) ensure that debts do not reappear on your credit report; (3) prevent a company from continuing to collect debts that result from identity theft; and (4) place an extended fraud alert on your credit report. 4. File a report with your local police or the police in the community where the identity theft took place. Call your local police department and tell them that you want to file a report about your identity theft. Ask them if you can file the report in person. If you cannot, ask if you can file a report over the Internet or telephone. See below for information about Automated Reports. If the police are reluctant to take your report, ask to file a "Miscellaneous Incident" report, or try another jurisdiction, like your state police. You also can check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number or check www.naag.org for a list of state Attorneys General. When you go to your local police department to file your report, bring a printed copy of your FTC ID Theft Complaint form, your cover letter, and your supporting documentation. Ask the officer to attach or incorporate the ID Theft Complaint into their police report. Tell them that you need a copy of the Identity Theft Report (the police report with your ID Theft Complaint attached or incorporated)to dispute the fraudulent accounts and debts created by the identity thief. (In some jurisdictions the officer will not be able to give you a copy of the official police report, but should be able to sign your Complaint and write the police report number in the "Law Enforcement Report" section.) What is a fraud alert? There are two types of fraud alerts: an initial alert, and an extended alert. - An initial fraud alert stays on your credit report for at least 90 days. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial alert is appropriate if your wallet has been stolen or if you've been taken in by a "phishing" scam. With an initial fraud alert, potential creditors must use what the law refers to as "reasonable policies and procedures" to verify your identity before issuing credit in your name. However, the steps potential creditors take to verify your identity may not always alert them that the applicant is not you. When you place an initial fraud alert on your credit report, you're entitled to order one free credit report from each of the three nationwide consumer reporting companies, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports.
- An extended fraud alert stays on your credit report for seven years. You can have an extended alert placed on your credit report if you've been a victim of identity theft and you provide the consumer reporting company with an Identity Theft Report. An automated Identity Theft Report, such as the printed ID Theft Complaint available from this Web site, should be sufficient to obtain an extended fraud alert. With an extended fraud alert, potential creditors must actually contact you, or meet with you in person, before they issue you credit. When you place an extended alert on your credit report, you're entitled to two free credit reports within twelve months from each of the three nationwide consumer reporting companies. In addition, the consumer reporting companies will remove your name from marketing lists for pre-screened credit offers for five years unless you ask them to put your name back on the list before then.
To place either of these alerts on your credit report, or to have them removed, you will be required to provide appropriate proof of your identity: that may include your Social Security number, name, address and other personal information requested by the consumer reporting company. As mentioned, depending on the type of fraud alert you place, potential creditors must either contact you or take reasonable steps to verify your identity. This may cause some delays if you're trying to obtain credit. To compensate for possible delays, you may wish to include a cell phone number, where you can be reached easily, in your alert. Remember to keep all contact information in your alert current. What does a fraud alert not do? While a fraud alert can help keep an identity thief from opening new accounts in your name, it's not a solution to all types of identity theft. It will not protect you from an identity thief using your existing credit cards or other accounts. It also will not protect you from an identity thief opening new accounts in your name that do not require a credit check - such as a telephone, wireless, or bank account. And, if there's identity theft already going on when you place the fraud alert, the fraud alert alone won't stop it. A fraud alert, however, can be extremely useful in stopping identity theft that involves opening a new line of credit. What is a credit freeze? Many states have laws that let consumers "freeze" their credit - in other words, letting a consumer restrict access to his or her credit report. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. This means that it's unlikely that an identity thief would be able to open a new account in your name. Placing a credit freeze does not affect your credit score - nor does it keep you from getting your free annual credit report, or from buying your credit report or score. Credit freeze laws vary from state to state. In some states, anyone can freeze their credit file, while in other states, only identity theft victims can. The cost of placing, temporarily lifting, and removing a credit freeze also varies. Many states make credit freezes free for identity theft victims, while other consumers pay a fee - typically $10. It's also important to know that these costs are for each of the credit reporting agencies. If you want to freeze your credit, it would mean placing the freeze with each of three credit reporting agencies, and paying the fee to each one. Who can access my credit report if I place a credit freeze? If you place a credit freeze, you will continue to have access to your free annual credit report. You'll also be able to buy your credit report and credit score even after placing a credit freeze. Companies that you do business with will still have access to your credit report - for example, your mortgage, credit card, or cell phone company - as would collection agencies that are working for one of those companies. Companies will also still be able to offer you prescreened credit. Those are the credit offers you receive in the mail that you have not applied for. Additionally, in some states, potential employers, insurance companies, landlords, and other non-creditors can still get access to your credit report with a credit freeze in place. Can I temporarily lift my credit freeze if I need to let someone check my credit report? If you want to apply for a loan or credit card, or otherwise need to give someone access to your credit report and that person is not covered by an exception to the credit freeze law, you would need to temporarily lift the credit freeze. You would do that by using a PIN that each credit reporting agency would send once you placed the credit freeze. In most states, you'd have to pay a fee to lift the credit freeze. Most states currently give the credit reporting agencies three days to lift the credit freeze. This might keep you from getting "instant" credit, which may be something to weigh when considering a credit freeze. What does a credit freeze not do? While a credit freeze can help keep an identity thief from opening most new accounts in your name, it's not a solution to all types of identity theft. It will not protect you, for example, from an identity thief who uses your existing credit cards or other accounts. There are also new accounts, such as telephone, wireless, and bank accounts, which an ID thief could open without a credit check. In addition, some creditors might open an account without first getting your credit report. And, if there's identity theft already going on when you place the credit freeze, the freeze itself won't be able to stop it. While a credit freeze may not protect you in these kinds of cases, it can protect you from the vast majority of identity theft that involves opening a new line of credit. What's the difference between a credit freeze and a fraud alert? A fraud alert is another tool for people who've had their ID stolen - or who suspect it may have been stolen. With a fraud alert in place, businesses may still check your credit report. Depending on whether you place an initial 90-day fraud alert or an extended fraud alert, potential creditors must either contact you or use what the law refers to as "reasonable policies and procedures" to verify your identity before issuing credit in your name. However, the steps potential creditors take to verify your identity may not always alert them that the applicant is not you. A credit freeze, on the other hand, will prevent potential creditors and other third parties from accessing your credit report at all, unless you lift the freeze or already have a relationship with the company. Some consumers use credit freezes because they feel they give more protection. As with credit freezes, fraud alerts are mainly effective against new credit accounts being opened in your name, but will likely not stop thieves from using your existing accounts, or opening new accounts such as new telephone or wireless accounts, where credit is often not checked. Also, only people who've had their ID stolen - or who suspect it may have been stolen, may place fraud alerts. In some states, anyone can place a credit freeze. What is an Identity Theft Report? An Identity Theft Report is a police report with more than the usual amount of detail. The Identity Theft Report includes enough detail about the crime for the credit reporting companies and the businesses involved to verify that you are a victim-and to know which accounts and inaccurate information came from identity theft. Normal police reports often don't have many details about the accounts that were opened or misused by identity thieves. The printed copy of your ID Theft Complaint Form can provide additional details for the police report. The police are not legally required to use the FTC's ID Theft Complaint Form as part of their report. Your police department may have another way to incorporate the details of your crime. In these cases, the police report by itself may serve as an Identity Theft Report. When you file your Identity Theft Report, the credit reporting companies will permanently block fraudulent information from appearing on your credit report. Filing an Identity Theft Report with the credit reporting companies or with the companies where the thief used your information should ensure that these debts do not reappear on your credit report. An Identity Theft Report can prevent a company from continuing to try to collect debts that result from identity theft, or sell those debts to others for collection. It also allows you to place an extended fraud alert on your credit report. The credit reporting companies may decline your Identity Theft Report if it does not contain enough detail for them to verify that you are a victim of identity theft. In that case, the credit reporting companies have certain timeframes for responding to your Identity Theft Report with requests for additional information. Creating and using an Identity Theft Report may require two steps: Step One begins with filing your report with a local, state, or federal law enforcement agency. These agencies may include your local police department, your State Attorney General, the FBI, the U.S. Secret Service, the FTC, or the U.S. Postal Inspection Service. Some state laws require local police departments to take reports, but there is no law requiring federal agencies to take a report. In your report, you should give as much information as you can about the crime, including anything you know about the dates of the identity theft, the fraudulent accounts opened and the alleged identity thief. It may help you give the necessary level of detail if you file an online complaint with the FTC, and then ask your local police department to incorporate a copy of the printed ID Theft Complaint into its police report. Step Two begins when you send the businesses involved and the credit reporting companies a copy of your Identity Theft Report, which you should do by certified mail, return receipt requested. The companies may ask you to give them more information or documentation to help them verify your identity theft. They have to make their request within 15 days of receiving your Identity Theft Report. The credit reporting company or business then has 15 more days to work with you to make sure your Identity Theft Report contains everything they need. They are also entitled to five days to review any information you give them. For example, if you give them information 11 days after they request it, they have until day 16 to make a final decision. How do I get an Identity Theft Report? The officer taking your police report can attach or incorporate your ID Theft Complaint into their police report to add more detail. Ask the officer to give you a copy of the official police report that incorporates or attaches your ID Theft Complaint. In some places the officer will not be able to give you a copy of the official police report, but should be able to sign a copy of your ID Theft Complaint and write the police report number in the "Law Enforcement Report" section. Be sure to keep a copy of the police report number. The police are not legally required to use the FTC's ID Theft Complaint Form as part of their report. Your police department may have another way to include all the details of your identity theft information in their police report. In these cases, the police report by itself may serve as an Identity Theft Report. Because the detailed Identity Theft Report is required for you to get many important protections, you may wish to use the Law Enforcement Cover Letter to explain to the police department how important it is for you to get a police report - as well as the legal protections that a detailed Identity Theft Report gives you. How do I submit my Identity Theft Report to the credit reporting companies, or to businesses where the thief used my information? When you send a copy of your Identity Theft Report to the fraud departments of the three major credit reporting companies, include a copy of the credit reporting company cover letter, along with copies of your supporting documentation. Send your information by certified mail with return receipt requested. The mailing addresses for sending Identity Theft Reports to the three major credit reporting companies are on the cover letter. When writing to the fraud departments of each of the companies where the identity thief has committed fraud using your personal information, include copies of the Identity Theft Report, your supporting documentation, and the appropriate cover letter: for fraud on your existing accounts, or for fraud on new accounts. Always send this information by certified mail, with a return receipt requested. The credit reporting companies have certain timeframes for responding to your Identity Theft Report with requests for additional information. What do I do if the police only take reports about identity theft over the Internet or telephone? The FTC ID Theft Complaint has a special section for police reports that are not filed face-to-face, to help you use it to supplement an automated police report. If you file a police report online or over the phone, complete the "Automated Report Information" block of the ID Theft Complaint. Attach a copy of any filing confirmation received from the police. If you have a choice, however, you should file your police report in person and not use an automated report. It is more difficult for the consumer reporting company and information provider to verify the information in an automated report, and they will likely require additional information and/or documentation. What do I do if the local police won't take a report? There are efforts at the federal, state and local level to ensure that local law enforcement agencies understand identity theft, its impact on victims, and the importance of taking a police report. However, we still hear that some departments are not taking reports. The following tips may help you to get a report if you're having difficulties: - Provide the officer with a copy of the Law Enforcement Cover Letter that explains why the police report and the Identity Theft Report are so important to both victims and industry.
- Furnish as much documentation as you can to prove your case. Debt collection letters, credit reports, a copy of your printed ID Theft Complaint, and other evidence of fraudulent activity can help demonstrate the legitimacy of your case. Provide the police a copy of "Remedying the Effects of Identity Theft," which shows that police reports are necessary to secure your rights.
- Be persistent if local authorities tell you that they can't take a report. Stress the importance of a police report; many creditors require one to resolve your dispute. Remind them that consumer reporting companies will automatically block the fraudulent accounts and bad debts from appearing on your credit report, but only if you can give them a copy of the police report. In addition, a police report may be needed to obtain the fraudulent application and other records the company has.
- If you're told that identity theft is not a crime under your state law, ask to file a Miscellaneous Incident Report instead.
- If you can't get the local police to take a report, try your county police. If that doesn't work, try your state police.
Some states require the police to take reports for identity theft. Check with the office of your State Attorney General, which can be found at www.naag.org, to find out if your state has this law. How do I prove that I'm an identity theft victim? Applications or other transaction records related to the theft of your identity may help you prove that you are a victim. For example, you may be able to show that the signature on an application is not yours. These documents also may contain information about the identity thief that is valuable to law enforcement. By law, companies must give you a copy of the application or other business transaction records relating to your identity theft if you submit your request in writing, accompanied by a police report. Read more about getting information from businesses, and use this model letter to request this information. Should I apply for a new Social Security number? Under certain circumstances, the Social Security Administration may issue you a new Social Security number - at your request - if, after trying to resolve the problems brought on by identity theft, you continue to experience problems. Consider this option carefully. A new Social Security number may not resolve your identity theft problems, and may actually create new problems. For example, a new Social Security number does not necessarily ensure a new credit record because credit bureaus may combine the credit records from your old Social Security number with those from your new Social Security number. Even when the old credit information is not associated with your new Social Security number, the absence of any credit history under your new Social Security number may make it more difficult for you to get credit. And finally, there's no guarantee that a new Social Security number wouldn't also be misused by an identity thief. Securing Your Password Tips for Secure Online Banking How can you make your password more secure? Your online banking password is the key to your personal and financial information. If criminals know your password, they can use it to steal from you or pose as you in online transactions. Below are tips to make your online banking experience safer. Do's Install a reputable antivirus software program on all computers and keep them current. This is an important thing you can do to protect your information. Make your password as long and complex as possible. Make it easy to remember, but hard to guess. Use a combination of letters and number that you know, but that wouldn't make sense to others. Combine initials, important numbers, or special characters such as @, #, $, &, or *. A good password could be 17dg*wm4. Use more than one password. Use a generic password for low-risk situations such as a newspaper website where there is little risk to you if someone figures it out. Not every website warrants the same level of protection as your online banking website. To make your ever-growing list of passwords more manageable , consider using a general-purpose password for websites that do not contain personal or financial information, and creating a unique, secure password for each website that does, such as online banking. Use trustworthy computers. Shared public computers like those in airport lounges, Internet cafes, public libraries, and hotel lobbies could be connected to keystroke loggers or infected with password-stealing viruses. DO NOT use them to access online banking or other websites containing confidential information about you. Don'ts Never e-mail your password or respond to an e-mailed request for your password or other confidential information. We will never ask you to submit confidential information in an e-mail. Only you should know your password. Requests for your passwords via e-mail are most assuredly scams. Do not include your login name in your password. Similarly, any part of your login name is a poor choice for a password. Avoid predictable sequences of characters, such as "1234" or "abcd", in your password. Automated password crackers often start by guessing predictable sequences such as these. Fraudulent Calls and Emails Numerous reports of suspicious telephone calls where the caller claims to represent your financial institution and is calling regarding the collection of an outstanding debt or there has been an issue regarding your debit card. The callers, who may not give information of who they are calling with, have alleged that the call recipient is delinquent in payment of a loan or debit card transaction. The account or transaction may not exist. The caller attempts to authenticate the claim by providing or asking you to verify sensitive personal information, such as name, Social Security number, and date of birth. Callers may sound aggressive or threatening. These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The bank generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions. If a caller demonstrates that he or she has the recipient's sensitive personal information, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a "fraud alert" on his or her credit report. This can be done by contacting one of the three consumer reporting companies listed below. That company is required to contact the other two, which will place an alert on their versions of the report. TransUnion: | 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 | Equifax: | 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 | Experian: | 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, TX 75013 |
Fraudulent Emails Below is information on an email fraudulently sent on behalf of NACHA NACHA does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive. Action: If you receive an email appearing to come from NACHA: DO NOT open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in the efforts with security experts and law enforcement officials to pursue the perpetrators. ATM Awareness The information below was obtained from https://public.shazam.net/cardholders_atm_safety.html and https://public.shazam.net/cardholders_fraud_education.html Approaching the ATM - Avoid facilities in dark or remote locations.
- If you see people lurking around the ATM, or any other situation that makes you uncomfortable, find a different machine.
- Take another person with you whenever possible.
- Have your card ready.
- Keep your doors locked and all passenger windows closed at a drive-up facility.
Using the ATM - Block the view of others by cupping your hand over the keypad as you enter your PIN and by standing between the terminal and any person who is waiting.
- Remove your cash, receipt, and card from the ATM after every transaction.
- Pocket cash immediately when you make a withdrawal.
Preventing Card Fraud - Memorize your PIN. Don't write it on your card or anything you carry near your card.
- Don't tell anyone your PIN or account number.
- Don't loan anyone your card.
- Report lost or stolen cards immediately. You may be liable for activity on your card if you do not report it as lost or stolen.
- NEVER give your PIN over the phone, especially cellular phones.
- NEVER respond to a link or phone number in an e-mail message requesting personal information. Phishers often use this scam to trick you into divulging personal data.
Caring for Your Card - Don't expose the magnetic stripe to other magnetic objects, which can deactivate your card.
- Record and file the name and phone numbers of your card's issuer for reporting loss or theft.
Fraud Education: Fight Back! Fight Back! Hundreds of people are affected by social engineering scams every day. In the last half of 2008 alone, more than 150,000 phishing messages were detected by the Anti-Phishing Working Group (APWG) with that number expected to increase annually. According to the Consumer Sentinel Network, in 2008 it received more than 640,000 fraud complaints from consumers, totaling more than $1.8 billion! Industry wide, cyber criminals and fraudsters are stealing people's banking account information and identity. This goes beyond simply taking money. Cyber crime, like most types of crime, has a long-term effect on those who have been victimized. Feelings of paranoia, distrust, insecurity, and the loss of control stay with victims for a long time after the crime has taken place. It is time to take a stand. The SHAZAM network, along with our participating financial institutions, is pleased to present a comprehensive, interactive guide to educating yourself about social engineering scams and ways to combat these types of fraud. Social Engineering Social engineering is a term coined to describe the techniques used by cyber criminals that trick people into revealing passwords or other information, compromising the security of your personal information. Common scams include: - Phishing - the type of scam used by fraudsters to gain account or identity information through e-mail.
- Vishing - also called VoIP phishing. This uses the same tactics as phishing; however it is typically done through the telephone.
- SMiShing - uses text messages on cellular phones to bait receivers into providing secured information.
Visit any of the links above to find out more about that specific scam. While our list is far from the complete list, since there are hundreds of different types of cyber scams and they are constantly evolving, we cover the major scams with tips and guides on how to recognize these scams, what you can do to protect yourself, and who to contact to report it. The Key is Prevention Protecting your information is the greatest weapon you have in preventing fraudsters from stealing your account information or identity. Simple things like shredding your old information or not clicking links in unsolicited e-mails will keep your information secure and drastically lower the chance of having your identity or account information compromised. According to the Federal Trade Commission (FTC), by following the tips below you can safeguard your information and help prevent social engineering scams from impacting you. - Do not give out personal information on the telephone, through e-mail, or over the Internet unless you know who you are dealing with.
- Never click on links sent in unsolicited e-mails.
- Keep your anti-virus and anti-spyware software up-to-date.
- Do not use an obvious password, such as birth dates, mother's maiden name, a pet's name, the last four digits of your Social Security number (SSN), etc.
- Shred all financial documents and paperwork before discarding them.
- Protect your SSN. Only give it out if it is necessary or ask to use another identifier.
- Keep your personal information in a secure place at home.
- Monitor your financial statements regularly and notify your financial institution immediately when you discover a potentially fraudulent transaction.
Above all, monitor your credit report regularly for unauthorized purchases or debts. The three nationwide consumer reporting companies provide a free copy of your credit report each year when you ask for it. Below are the contact numbers for each reporting institution. TransUnion: | 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 | Equifax: | 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 | Experian: | 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, TX 75013 |
Many companies claim to offer free credit reports but require you enroll in a monitoring program to receive these free reports. Be sure to read carefully when you are requesting your credit report to ensure you are not subscribing to any service you do not really want. SHAZAM also provides direct contact information to report lost or stolen ATM or debit cards, as well as telephone numbers to report fraud. - Lost or stolen cards: (800) 383-8000
It is time to take a stand against fraud scams. With your help and diligence, we can stop financial cyber crime and protect your identity. Viruses and Spyware Should I be concerned about Viruses & Spyware? The best way to protect your Internet Banking Account is by protecting your PC. You should protect your own home computer by installing reputable Anti-Virus & Anti-Spyware/Malware programs... and by ensuring that these programs are receiving frequent and possibly daily updates. You should also ensure that you install security patch updates on your PC for applications such as Microsoft Office and Internet Explorer, and for operating systems such as Windows and Apple OS. ? In addition, you should never share passwords unless you trust the person you are sharing with to access and use everything protected by that password. Plus, you should avoid performing Internet Banking or shopping transactions on a PC that you are unfamiliar with that may not be protected as described above. This could include restaurants, hotels, malls, airports, etc.). These are just a few tips that will go a long way towards protecting your personal accounts and other sensitive information. By following these precautions, you will greatly reduce the chance of thieves stealing personal information from your home computer. Computer Security Frequently Asked Questions on Computer Security Q: Do I have to buy expensive software to clean viruses from my computer? A: There are reputable programs available for free on the internet that may meet your needs. Be sure to do your homework prior to installing any software. Verify the software's reputation using software review websites such as Cnet.com, prior to installing the software. Some examples of free anti-virus protection and malware removal are: Program/Web Address Avast! Home Edition/ www.avast.com AVG/ www.free.avg.com Malwarebytes/ www.malwarebytes.org Microsoft Security Essentials/ www.microssoft.com/Security_Essentials Note: We cannot endorse or recommend any of the above programs. They are listed here only to show examples of what is available. Q: Is one anti-virus software program better than another? A: Marketing hype aside, all reputable antivirus software does pretty much the same job. Some may be better than others in regards to a particular feature, but any one of them is better than no antivirus software at all. However, there are a number of disreputable antivirus programs that actually do more harm than good. Be wary of any antivirus software that advertises itself via unsolicited e-mail (spam) or pop-up windows. Q: How do I know if my PC is infected? A: Infected PCs may exhibit suspicious behavior, such as running more slowly than normal, locking up often, crashing and restarting frequently, or displaying unusual error messages. Or they may exhibit no symptoms at all. Also, the suspicious behavior often shown by infected PCs may be caused by a number of other factors. So while a poorly performing computer should make you suspect that it may be infected, you won't know for sure unless you frequently scan your PC with an antivirus tool. Q: Are certain sites more prone to these threats? A: Your PC could be infected from a number of sources. Viruses can be transferred from PC to PC through the use of a shared USB Flash Drive. There are many instances where a nationally recognized company's website has been compromised and visitors to their site have been infected with malware. The best way to protect yourself is to protect your PC. Q: What do I need to do to protect my PC? A: While there is no solution that will protect you from every risk, if you take the following precautions, you can significantly reduce your exposure: - Install an antivirus program and configure it to update its virus definitions daily.
- Configure your computer and connection to the internet properly. Some computer systems come with a lot of security enabled by default. Ensure your computer and communications - wireless routers, DSL, or cable modems, etc. are properly connected.
- Turn on automatic software updates. This is a feature of some software which allows it to patch itself with very little effort from you. Make sure it's turned on for your operating system, security software, and any applications that have the option.
- Be aware of your Internet surroundings. Learn to tell scams from real email, and when not to follow links or open a document. It takes time and practice to develop Internet "street smarts."
- Perform regular backups. If your system becomes infected with a virus, you may have to reinstall your complete system. Backups ensure you don't lose your data if that becomes necessary.
Social Networking Security Social networking websites such as Facebook and MySpace allow you to reconnect with old friends and make new ones. They allow you to share ideas and the events of your life with the people in your network. However, the ease with which people can obtain the personal information you make available can be cause for security concerns. If you use social networking sites, you can protect yourself by following a few simple guidelines. Limit your available personal information Be wary of making too much personal information available online. Online banking and e-commerce sites frequently use "challenge questions" to help you recover a forgotten password, or for other security purposes. Often, your online profile will contain enough information to answer these questions. If a hacker has access to this information, he may be able to break into your online banking account. In fact, some online quizzes are nothing more than veiled attempts to gather answers to challenge questions. Use privacy settings to restrict who can access your information... Most social networking websites provide a way to limit what information is available and who can see it. Familiarize yourself with how the privacy settings work, and set them to limit your exposure as much as possible. If your social networking website has no privacy settings, consider taking your online socializing elsewhere. ... But don't rely on them E-commerce websites are held to a higher security standard than most other websites. Social networking sites have a spotty track record when it comes to protecting personal information. Even if your favorite website provides privacy settings, it may not enforce them as well as advertized. Vary your password Use a password for social networking websites that is different from the ones for your e-mail, e-commerce and financial websites. Ideally, you should use a different password on each website. Know who you are "friending" Consider refusing friend requests from people you don't know. They may be interested in more than your friendship. Beware of following links Links sent in messages sometimes lead to websites that distribute malware. Consider the source of the message: is it from someone who never sends you messages? Does the message sound like something your friend would send? If it looks suspicious, ask your friend if they really sent it. If they didn't, their computer may be infected with malware which actually sent you the message. Talk to your kids about security If you have children, talk to them frequently about how to remain safe online: - Help your kids understand what information should be private.
- Explain that kids should post only information that you - and they - are comfortable with others seeing.
- Use privacy settings to restrict who can access and post on your child's social networking website.
- Remind your kids that once they post information online, they can't take it back.
- Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.
- Consider using the social networking website your kids do, and become part of their network.
Malware Avoidance What is malware? Malware is a general term for software that is meant to cause harm. Computer viruses, spyware, adware, and Trojan horses are all examples of malware. Computer security experts like to compare malware with human diseases (which is why computer viruses are called "viruses" in the first place). The purpose of malware can be something as seemingly harmless (yet annoying) as popping up a window to show you unwanted advertising, or as dangerous as snooping on the keystrokes as you type your internet banking password. How do computers get malware? Computers become infected with malware through a number of mechanisms - sharing files on jump drives or floppy disks, opening suspicious e-mail attachments, or visiting websites that are themselves infected with malware. Additionally, malware can arrive via downloaded files, such as music or videos from a peer-to-peer file sharing networks (such as Kazaa or BitTorrent), or simply by visiting a website that has been hacked and infected. No longer is it a matter of staying away from "bad" websites. Unfortunately any website that is not properly secured can be hacked and infected with malware that could infect your PCWhy Should You Be Afraid of Malware? How do you avoid getting malware? The single most important step that you can take to protect your PC is to install and use well-known anti-virus software. Update the virus definitions regularly and scan your computer regularly. Most anti-virus scanners will provide tools to automate these tasks so that they take place when you are not using your computer. This software will help you when you visit a site that has been hacked and infected. - Use a software firewall. If you are using Windows XP or Vista, enable the Windows Firewall. If you have a Mac and are running OS X 10.2 or above, enable the built-in firewall.
- Avoid fake anti-malware. Unfortunately, there are rogue anti-malware vendors that promise to rid your computer of malware, but actually install malware instead, often holding your computer hostage until you pay them. Don't buy anti-malware software advertised in pop-up ads. Legitimate software isn't sold this way. GetNetWise.org (maintained by the Internet Education Foundation) has a list of legitimate security tools (http://security.getnetwise.org/tools/).
- Don't open suspicious e-mail attachments. Historically e-mail attachments are one of the most popular ways to spread malware. If you don't know what it is, delete it immediately rather than open it.
- Surf the web carefully. Malware often comes from "dodgy" web sites. Download and install software only from websites you know and trust. Scan any downloaded files for viruses before you open them.
How will I know if my computer is infected? If you have a Mac, your chances of being infected with malware are lower than if you are running Windows, although the incidence of Mac malware is on the rise. It is possible that malware will make its existence known through pop-up windows or messages on your screen. If your computer exhibits this sort of behavior, your computer is certainly infected. Otherwise, you should look for the following symptoms. Programs running slowly, crashing: many types of malware like to piggy-back on other applications, like web browsers, to monitor what they are doing. This can use a lot of your computer's resources, causing it to slow down considerably. On the other hand, some malware is just badly written and can slow down your computer or even crash other applications. Suspicious network traffic; slow internet connection: If you are running Windows, press the CTRL, ALT and Delete keys at the same time, then select "Task Manager" from the resulting window. When Task manager opens, click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be evidence of something using your internet connection without your knowledge. Anti-virus warnings: Antivirus software cannot be expected to find all malware, but it does detect about 75%. Some malware will attempt to download other malware to do more damage. Antivirus software may detect one of these applications but not both. An anti-virus warning, combined with other signs, is a good indication of an infection, especially if you're not currently browsing the web or copying files. What should I do if my computer is infected? First, stop banking, shopping, or other online activities that involve sensitive information. Confirm that your anti-virus software is enabled and up-to-date. Scan your computer for viruses. Allow the anti-virus software to do its job, cleaning up and deleting viruses. Some malware is very sophisticated and can be difficult to remove even with the tools mentioned here. If you suspect that your computer is still infected, you may want to contact a professional. Many of the stores that sell computers also have services to repair them; this may be a good place to find assistance. There are some helpful, legitimate (and free) resources that can aid in getting your computer healthy again: - Malwarebytes (http://www.malwarebytes.org/) has a number of tools that can help identify and remove malware from your computer.
- Windows Live OneCare safety scanner (http://onecare.live.com/scan) is a free service offered by Microsoft that can clean up malware as well as tuning up your PC.
|