Security Update

 

10 Scams Targeting Bank Customers

The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and their staff members provide information on where and how to report suspicious activity.  As part of that coverage, here is a list of 10 scams that you should be aware of, plus key defenses to remember.

1.  Government "imposter" frauds: These schemes often start with a phone call, a letter, an email, a text message or a fax supposedly from a government agency, requiring an upfront payment  or personal financial information, such as Social Security or bank account numbers.  "They might tell you that you owe taxes or fines or that you have an unpaid debt.  They might even threaten you with a lawsuit or arrest if you don't pay." said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "remember that if you provide personal information it can be used to commit fraud or be sold to identify theives.  Also, federal government agencies won't ask you to send money for prizes or unpaid loans, and they won't ask you to wire money to pay for anything."

2. Debt collection scams: Be on the lookout for fraudsters posing as debt collectors or law enforcement officials attempting to collect a debt that you don't really owe.  Red flags include a caller who won't provide written proof of the debt you supposedly owe or who threatens you with arrest or violence for not paying.

3. Fraudulent job offers: Criminals pose online or in classified advertisements as employers or recruiters offering enticing opportunites, such as working from home.  But if you're required to pay money in advance to "help secure the job" or you must provide a great deal of personal financial information for a "background check", those are red flags of a potential fraud.

4. "Phising" emails: Scam artists send emails pretending to be from banks, popular merchants or other known entities, and they ask for personal information such as bank account numbers, Social Security numbers, date of birth and other valuable details.  The emails usually look legitimate because they include graphics copied from authentic websites and messages that appear valid.  "We have also seen emails with links to fake websites that are exact copies of real websites for FDIC-insured banks, except the web addresses are slightly different than the real ones." said Doreen Eberley, director of the FDIC's Division of RIsk Management Supervision, which is in charge of the agency's policies and programs related to financial crimes.  "These sites are used to trick people into giving up valuable personal information that can be used to commit identity theft."

5. Mortgage foreclosure rescue scams: Today, many homeowners who are struggling financially and risk losing thier homes may be vulnerable to false promises to refinance a mortgage under better terms or rates.  But borrowers should always be on the lookout for scammers who falsely claim to be lenders, loan servicers, financial counselors, mortgage consultants, loan brokers or representatives of government agencies who can help avoid a mortgage foreclosure and offer a great deal at the same time.  These criminals will present homeowners with what sounds like the life-saving offer they need, instead, the homeowner is required to pay significant upfront fees or even worse, tricked into signing documents that, in the fine print, transfer the ownership of the properaty to the criminal involved.  Common warning signs of fraudulent mortgage assistance offers include a "guarantee" that foreclosure will be avoided and pressure to act fact.

6. Lottery scams: You might be told you won a lottery (typically one that you never entered) and asked to first send money to the "lottery company" to cover certain taxes and fees.  Similar examples involve bogus prize winnings and sweepstakes.  "In one example, a scammer sent a letter to people using falsified FBI and FDIC letterhead telling them they won a popular well-known lottery  but that they needed to send money by wire transfer to a lottery "official" in order to secure the winnings."  Benardo said, "the 'official' was really a crook hoping to trick people into sending money."

7. Elder frauds: Theives sometimes target older adults to try to cheat them out of some of their life savings.  For example, telemarketing scams may involve sales of bogus products and services that will never be delivered.  Warning signs include unsolicited phone calls asking for a large amount of money before receiving the goods or services, and special offers for senior citizens that seem too good to be true, like an investment "guaranteeing" a very high return.  To help seniors and their caregivers avoid financial exploitation, the FDIC and the Consumer Financial Protectin Bureau have developed Money Smart for Older Adults, a curriculum with information and resources.

8. Overpayment scams: This popular scam starts when a stranger sends a consumer or a business a check for something, such as an item being sold on the internet, but the check is for far more than the agreed upon sales price.  The scammer then tells the consumer to deposit the check and wire the difference to someone else who is supposedly owed money by the same check writer.  In a few days, the check is discovered to be a counterfeit and the depositor may be held responsible for any money wired out of the bank account. Victims may end up owing thousands of dollars to the financial institution that wired the money, and sometimes they've also sent the merchandise to the fraud artiists, too.

9. "Ransomware": This term refers to malicious software that holds a computer, smartphone or other device hostage by restricting access until a ransom is paid.  The most common way ransomware and other malicious software spreads is when someone clicks on a infected email attachment or a link in an email that leads to a contaminated file or website.  Malware also can spread across a network of linked computers or be passed around on a contaminated storage device, such as a thumb drive.

10. Jury duty scams: A thief makes phone calls pretending to be a law enforcement official warning innocent people that they failed to appear for jury duty and threating an arrest unless a "fine" is paid immediately.  And to pay up, the caller asks for debit account and PIN numbers, allowing the perpetrator to create a fake debit card and drain the account.

What You Can Do: Plus the basics on how to protect your personal information and your money

While we have described many forms of financial scams, the red flags to look out for are often similar.  And so are the things you can do to help protect yourself and your money.  Here are some basic precautions to consider, especially when engaging in financial transactions with strangers through email, over the phone or on the internet.

  • Avoid offers that seen "too good to be true". As Eberly noted, "If someone promises 'opportunities' that are free or with surpisingly low costs or high returns, it is probably a scam.  Be especially suspicious if someone pressures you into making a quick decision or to keep a transaction a secret."
  • No matter how legitimate an offer or request may look or sound, don't give your personal information, such as bank account information, credit and debit card numbers, Social Security numbers and passwords, to anyone unless you initiate the contact and know the other party is reputable.
  • Remember that financial insitutions will not send you an email or call to ask you to put account numbers, passwords or other sensitive information in your response because they already have this information.  To verify the authenticity of an email, independently contact the supposed source by using an email address or telephone number that you know is valid.
  • Be cautious of unsolicited emails or text messages asking you to open an attachment or click on a link.  This is a common way for cybercriminals to distribute malicious software, such as ransomware.  Be especially cautious of emails that have typos or other obvious mistakes.
  • Use reputable anti-virus software that periodicaly runs on your computer to search for and remove malicious software.  Be careful if anyone (even a friend) gives you a thumb drive because it could have undetected malware, such as ransomware, on it.  If you still want to use a thumb drive from someone else, use the anti-virus software on your computer to scan the files before opening them.
  • Don't cash or deposit any checks, cashier's checks or money orders from strangers who ask you to wire any of that money back to them or an associate.  If the check or money order proves to be a fake, the money you wired out of your account will be difficult to recover.
  • Be wary of unsolicited offers "guaranteeing" to rescue your home from foreclosure.  If you need assistance, contact your loan servicer (the company that collects the monthly payment for your mortgage) to find out if you may qualify for any programs to prevent foreclosure or to modify your loan without having to pay a fee.  Also consider consulting with a trained professional at a reputable counseling agency that provides free or low-cost help.  Go to the U.S. Department of Housing and Urban Development website for a referral to a nearby housing counseling agency approved by HUD.
  • Monitor credit card bills and bank statements for unauthorized purchases, withdrawals or anything else suspicious, and report them to your bank right away.
  • Periodically review your credit reports for signs of identity theft, such as someone obtaining a credit card or a loan in your name.  By law, you are entitled to recieve at least one free credit report every 12 months from each of the nation's three main bureaus (Equifax, Experian and TransUnion). Start at AnnualCreditReport.com or call 1-877-322-8228.  If you spot a potential problem, call the fraud department at the credit bureau that produced that credit report.  If the account turns out to be fraudulent, ask for a "fraud alert" to be placed on your file at all three of the major credit bureaus.  The alert tells lenders and other users of credit reports that you have been a victim of fraud and that they should verify any new accounts or changes to accounts in your name.
  • Contact the FDIC's Consumer Response Center (CRC) if you have questions about possible scams or you are the victim of a scam experiencing difficulty resolving the issue with a financial institution.  The CRC answers inquiries about consumer protection laws and regulations and conducts thorough investigations of complaints about FDIC supervised institutions.  If the situation involves a financial insitution for which the FDIC is not the primary federal regulator, CRC staff will refer the matter to the appropriate regulator.  Vist our webpage on submitting complaints or call 1-877-ASK-FDIC Monday - Friday.

Choosing and Using the Right Bank Account

With so many options for checking and savings accounts, FDIC Consumer News encourages people to think about how they want to handle their money on a daily basis and what they consider to be their longer-term financial goals.  For instance, before deciding on a particular bank account, consumer may want to reflect on how they pay for purchases and how often they make deposits.  Comparison shopping can save consumer money because fees and interest rates will vary from institution to institution.  www.fdic.gov/consumers/consumer/news/cnsum16

Precautions to Take When Deposting a Check with Your Smartphone or Tablet: More Consumers are starting to use a banking service often called "remote deposit capture" (RDC), which enables them to deposit a check into their account from anywhere they can access their account remotely.  FDIC Consumer News describes now to understand a bank's RDC policies and fees, monitor a bank account to confirm when funds from deposited checks will be available, and take other steps to avoid potential problems.www.fdic.gov/consumers/consumer/news/cnsum16

When Small Charges Can Signal a Big Crime: Most people looking at their bank statements would probably notice if their credit or debit card were used without theri approval to buy a big ticket item.  BUt consumers are less likely to be suspicious of very small charges, including those less than a dollar.  That's why theives who fraudulently create counterfeit cards might conduct small transactions as a test to see if the purchases go through and are unnoticed by the true account holders before they start conducting big transactions.  FDIC Consumer News offers tips for consumers on how to protect themselves.www.fdic.gov/consumers/consumer/news/cnsum16

How to Prepare Financially for a Disaster: Without warning, a flood, fire or other disaster could leave individuals with a severely damaged ome, destroyed belongings and barriers to managing their finances.  FDIC Consumer News recommends having a disaster plan that includes periodically reviewing property insurance coverage, building and maintaining an emergency savings fund, setting up a direct deposit of paychecks or government benefits, and gathering and protecting important financial documents.  These precautions can have a major effect on access to cash and financial services immediately following a disaster.www.fdic.gov/consumers/consumer/news/cnsum16

Cybersecurity Best Practices

Lock it up
When you step away from your desk, do you lock your computer?
To avoid possible information leaks simply remember to lock your computer before you leave your desk.
Think before you click
You just got an e-mail. Did you take a second to look it over before you clicked?
Once a click is made, you can’t take it back. Don’t click on any link unless you know you can trust the source. If you are unsure – don’t click.
Be a cautious surfer
The internet can be a risky place if you aren’t careful. It is easy to pick up infections or malicious viruses simply by entering an infected site. The bad guys will set you up to fail by enticing you to the infected site.
Be smart with your phone
Smart phones make it easier for you to surf the web, check e-mails, and look at your bank account – it also creates a new route for the hackers to attack you from. They are pocket sized computers, and the same security rules apply.

  • Don’t open an e-mail if you don’t know the sender
  •  Don’t text message personal information

Be aware of social engineering
This is the non-technical way hackers get information – fake phone calls, phishing e-mails, impersonation are all used in attempts to get a hold of sensitive information. Learn to identify a social engineering attack – go with your gut – when in doubt error on the side of caution – always alert management.
Back it up
Breaches, hackers, disasters, and even employee errors can all cause data loss. Make sure all critical data is backed up. Network operations does this for you, and Citrix makes sure you get the data in the right place to be backed up – you guys are so lucky……..Make sure you back up your home computers too.

Computer Security Tips for Bank Customers: A Basic Checklist

Computer-related crimes affecting businesses or consumers are frequently in the news. While federally insured financial institutions are required to have vigorous information security programs to safeguard financial data, consumers also need to know how to protect and maintain their computer systems so they can steer clear of fraudsters. Here is a short checklist.

1. Protect your computer. Install anti-virus software that scans your computer for malicious software ("malware") that can steal login IDs, passwords and account information (including credit or debit card numbers). Also use a firewall program to guard against unauthorized access to your computer. Anti-virus protection and firewall options vary, and some are free. Be sure to set the software to update automatically.

2. Safeguard your smartphone, tablet and similar mobile devices, especially when using them for banking or
shopping. Reduce your risk of downloading "apps" (applications) that contain malware by using well-known app stores, such as those established by your phone manufacturer or cellular service provider, or from the official Web site of the bank. Also, to ensure that you have the latest fixes to software problems affecting mobile devices, opt for automatic updates for your operating system and apps or manually download updates as soon as you receive notice that they are available. Some banks provide customers with anti-malware software that can be loaded on a smartphone. You can also purchase the software from a reputable vendor. And, don't leave your mobile device unattended. In case your device does get lost or stolen, use a password or other security feature to restrict access. You should enable the "time-out" or "auto-lock" feature on your mobile device to secure it when it's not used for a period of time.

3. Understand your Internet safety features. When you are buying something online or filling out an application that contains sensitive personal information, you can have greater confidence in a Web site that encrypts or scrambles the information as it travels to and from your computer. Look for a padlock symbol on the page and a Web address that starts with "https://." The "s" stands for "secure."

4. Be careful where and how you connect to the Internet. A public computer, such as at an Internet café or hotel business center, may not have up-to-date security software and could be infected with malware. Also, for online banking or shopping, avoid connecting your computer, tablet or smartphone to a wireless network at a public "hotspot" (such as a coffee shop, hotel or airport).

5. Be suspicious of unsolicited e-mails and text messages asking you to click on a link or download an attachment. It's easy for fraudsters to copy corporate or government logos into fake e-mails that can install malware on your computer. Your best bet is to ignore any unsolicited request for immediate action or personal information, no matter how genuine it looks.  If you decide to validate the request by contacting the party that it is supposedly from, use a phone number or e-mail address that you have used before or otherwise know to be correct. Don't rely on the one provided in the e-mail.

6. Use "strong" IDs and passwords and keep them secret. Choose combinations of upper- and lower-case letters, numbers and symbols that are hard for a hacker to guess. Don't, for example, use your birthdate or address. Also don't use the same password for different accounts because a criminal who obtains one password can log in to other accounts. Finally, make sure to change your passwords on a regular basis.

7. Take precautions on social networking sites. Criminals can go there to gather details such as someone's date or place of birth, mother's maiden name or favorite pet and use that information to figure out and reset passwords. Fraudsters also may pretend to be your "friend" to persuade you to send money or divulge personal information. More tips on avoiding fraud on social media sites are available from the FBI and the Internet Crime Complaint Center.

For more tips on computer and Internet security for bank customers, including how to protect yourself from data breaches, see back issues of FDIC Consumer News. Also watch the FDIC's multimedia presentation "Don't Be an Online Victim."

Take Control of Your Debit Card

Take control of your debit card by setting up purchase alerts through Visa.
https://purchasealerts.visa.com/vca-web/check

Routing Numbers

New ABA Online Tool Allows Consumers to Find Routing Numbers
ABA has launched a new online tool that allows consumers to look up bank routing numbers. The tool searches the database containing all of the routing numbers -- also known as ABA numbers or routing transit numbers -- for U.S. financial institutions.

“The term ‘routing number’ is the most-searched-for term on aba.com,” said ABA SVP Diane Poole. “We responded by developing an easy-to-use search tool, so consumers can quickly and confidently find any bank’s routing number.”

Banks are encouraged to post a link to the tool on their websites as a customer resource. It allows users to enter a financial institution’s name and location to find a routing number, or enter a routing number to find the institution’s name, and it can be found at routingnumber.aba.com.

Instituted by ABA more than a century ago, the routing number was created to ensure accuracy by assigning a unique nine-digit numerical identifier to a financial institution. Used for check processing, electronic funds transfer and online banking, the numbers continue to serve as the backbone of payment processing. Read more about routing numbers.

Information Security Advice

 

8 Tips to Protect Your Identity

Identity theft continues to be one of the fastest growing crimes in the United States. In 2014, there were 12.7 million victims of identity fraud in the U.S., according to Javelin Strategy and Reasearch. Peoples Bank & Trust recommends following these tips to keep your information – and your money – safe.

  1. Don’t share your secrets.

Don’t provide your Social Security number or account information to anyone who contacts you online or over the phone. Protect your PINs and passwords and do not share them with anyone. Use a combination of letters and numbers for your passwords and change them periodically. Do not reveal sensitive or personal information on social networking sites.

  1. Shred sensitive papers.

Shred receipts, banks statements and unused credit card offers before throwing them away.

  1. Keep an eye out for missing mail.

Fraudsters look for monthly bank or credit card statements or other mail containing your financial information. Consider enrolling in online banking to reduce the likelihood of paper statements being stolen. Also, don’t mail bills from your own mailbox with the flag up.

  1. Use online banking to protect yourself.

Monitor your financial accounts regularly for fraudulent transactions. Sign up for text or email alerts from your bank for certain types of transactions, such as online purchases or transactions of more than $500.

  1. Monitor your credit report.

Order a free copy of your credit report every four months from one of the three credit reporting agencies at annualcreditreport.com.

  1. Protect your computer.

Make sure the virus protection software on your computer is active and up to date. When conducting business online, make sure your browser’s padlock or key icon is active. Also look for an “s” after the “http” to be sure the website is secure.

  1. Protect your mobile device.

Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen. Before you donate, sell or trade your mobile device, be sure to wipe it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen. Use caution when downloading apps, as they may contain malware and avoid opening links and attachments – especially for senders you don’t know.

  1. Report any suspected fraud to your bank immediately.

 

5 Ways to Protect Your Small Business from Account Fraud

Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Peoples Bank & Trust recommends following these tips to keep your small business safe.

  1. Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
  2. Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
  3. Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
  4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
  5. Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.

For additional information, contact Consumer Banking Department at Peoples Bank & Trust. You can also visit the following websites to learn more about how to protect your small business:

https://www.nacha.org/content/corporate-account-takeover-resource-center

 

12 Ways to Protect Your Mobile Device

Your mobile device provides convenient access to your email, bank and social media accounts. Unfortunately, it can potentially provide the same convenient access for criminals. Peoples Bank & Trust recommends following these tips to keep your information – and your money – safe.

  1. Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
  2. Log out completely when you finish a mobile banking session.
  3. Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
  4. Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
  5. Download the updates for your phone and mobile apps.
  6. Avoid storing sensitive information like passwords or a social security number on your mobile device.
  7. Tell your financial institution immediately if you change your phone number or lose your mobile device.
  8. Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
  9. Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
  10. Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
  11. Watch out for public Wi-Fi. Public connections aren't very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
  12. Report any suspected fraud to your bank immediately.

 

7 Tips for Protecting Yourself Online

Though the internet has many advantages, it can also make users vulnerable to fraud, identity theft and other scams. According to Symantec, 12 adults become a victim of cybercrime every second. Peoples Bank & Trust recommends the following tips to keep you safe online:

  1. Keep your computers and mobile devices up to date.  Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
     
  2. Set strong passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
     
  3. Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.  
     
    • Forward phishing emails to the Federal Trade Commission (FTC) at spam@uce.gov – and to the company, bank, or organization impersonated in the email.
       
  4. Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc.  Be wary of requests to connect from people you do not know.
     
  5. Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
     
  6. Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
     
  7. Read the site’s privacy policies. Though long and complex, privacy policies tell you how the site protects the personal information it collects. If you don’t see or understand a site’s privacy policy, consider doing business elsewhere.