Security Tips - Archives
September Security Tip
Financial Readiness in an Emergency
Unfortunately, the news in recent months has been full of headlines about natural disasters across the country. Home is where most people feel safe and comfortable. But sometimes when a hurricane, flood, tornado, wildfire, or other disaster strikes it's safest to pack up and go to another location.
When it comes to preparing for situations like weather emergencies, financial readiness is as important as a flashlight with fully charged batteries. Leaving your home can be stressful, but knowing that your financial documents are up-to-date, in one place, and portable can make a big difference at a difficult time.
Here are some tips for financial readiness in case of an emergency:
Conduct a household inventory. Make a list of your possessions and document it with photos or a video. This could help if you are filing insurance claims. Keep one copy of your inventory in your home on a shelf in a lockable, fireproof file box; keep another in a safe deposit box or other secure location.
Buy a lockable, fireproof file box. Place important documents in the box; keep the box in a secure, accessible location on a shelf in your home so that you can "grab it and go" if the need arises. Among the contents:
- your household inventory
- a list of emergency contacts, including family members who live outside your area
- copies of current prescriptions
- health insurance cards or information
- policy numbers for auto, flood, renter's, or homeowner's insurance, and a list of telephone numbers of your insurance companies
- copies of other important financial and family records (or notes about where they are) including deeds, titles, wills, birth and marriage certificates, passports, and relevant employee benefit and retirement documents. Except for wills, keep originals in a safe deposit box or some other location. If you have a will, ask your attorney to keep the original document.
- a list of phone numbers or email addresses of your creditors, financial institutions, landlords, and utility companies (sewer, water, gas, electric, telephone, cable)
- a list of bank, loan, credit card, mortgage, lease, debit and ATM, and investment account numbers
- Social Security cards
- backups of financial data you keep on your computer
- an extra set of keys for your house and car
- the key to your safe deposit box
- a small amount of cash or traveler's checks (financial institutions or ATMs may be closed)
Consider renting a safe deposit box for storage of important documents. Original documents to store in a safe deposit box might include:
- deeds, titles, and other ownership records for your home, autos, RVs, or boats
- credit, lease, and other financial and payment agreements
- birth certificates, naturalization papers, and Social Security cards
- marriage license/divorce papers and child custody papers
- passports and military papers (if you need these regularly, you could place the originals in your fireproof box and a copy in your safe deposit box)
- appraisals of expensive jewelry and heirlooms
- certificates for stocks, bonds, and other investments and retirement accounts trust agreements
- living wills, powers of attorney, and health care powers of attorney insurance policies
- home improvement records
- household inventory documentation
- a copy of your will
Choose an out-of-town contact. Ask an out-of-town friend or relative to be the point of contact for your family, and make sure everyone in your family has the information. After some emergencies, it can be easier to make a long distance call than a local one.
Update all your information. Review the contents of your household inventory, your fireproof box, safe deposit box, and the information for your out-of-town contact at least once a year.
August Security Tip
Advanced Password Tips and Tricks
Federal Trade Commission Consumer Information
Time to create another password? Make it a secure one. A little extra attention when you create a strong password can prevent an attacker from getting access to your account.
Your password should be long, complex, and unique. Here are additional steps you can take to help create strong passwords and secure your accounts:
- Avoid common words, phrases, or information. Don't use information available to others like your birthday, phone number, or Social Security number. Attackers often use a dictionary of previously exposed passwords and information gathered from the internet to help them guess a password.
- Change passwords quickly if there is a breach. Attackers who steal data from companies often obtain password information. If you receive a notification from a company about a possible breach, change that password and any account that uses a similar password immediately.
- Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a password manager, an easy-to-access application that allows you store all your valuable password information in one place. Use a strong password to secure the information in your password manager.
What about security questions? If you forget your password, many companies require you to answer security questions to regain access. Here are some tips to make sure an attacker can't use your security questions as a way to get into your account:
- Select security questions where only you know the answer. Many security questions ask for answers to information available in public records or online, like your zip code, mother's maiden name, birth place. That is information a motivated attacker can obtain.
- Don't use answers to security questions that can be guessed. An attacker can guess the answer to a security question that has a limited number of responses (dates, colors, states, countries). Avoid questions like "What state were you born in?" or "What color was your first car?" which allow an attacker to guess all possible answers.
- Don't give a generic answer to a security question. Find an answer to a security question that you will remember but is also more complicated than a generic word. For example, if the security question asks "What is your favorite childhood memory?" the answer "watching the Dodgers with my mom" is more secure than "baseball."
July Security Tip
10 Scams Targeting Bank Customers
From FDIC Consumer News - Summer 2017
The FDIC often hears from bank customers who believe they may be the victims of financial fraud or theft, and our staff members provide information on where and how to report suspicious activity. To help further, FDIC Consumer News includes crime prevention tips in practically every issue. As part of that coverage, we feature here a list of 10 scams that you should be aware of, plus key defenses to remember.
- Government “imposter” frauds: These schemes often start with a phone call, a letter, an email, a text message or a fax supposedly from a government agency, requiring an upfront payment or personal financial information, such as Social Security or bank account numbers.
“They might tell you that you owe taxes or fines or that you have an unpaid debt. They might even threaten you with a lawsuit or arrest if you don’t pay,” said Michael Benardo, manager of the FDIC’s Cyber Fraud and Financial Crimes Section. “Remember that if you provide personal information it can be used to commit fraud or be sold to identity thieves. Also, federal government agencies won’t ask you to send money for prizes or unpaid loans, and they won’t ask you to wire money to pay for anything.”
- Debt collection scams: Be on the lookout for fraudsters posing as debt collectors or law enforcement officials attempting to collect a debt that you don’t really owe. Red flags include a caller who won’t provide written proof of the debt you supposedly owe or who threatens you with arrest or violence for not paying.
- Fraudulent job offers: Criminals pose online or in classified advertisements as employers or recruiters offering enticing opportunities, such as working from home. But if you’re required to pay money in advance to “help secure the job” or you must provide a great deal of personal financial information for a “background check,” those are red flags of a potential fraud.
Another variation on this scam involves fake offers of part-time jobs as “mystery shoppers,” who are people paid to visit retail locations and then submit confidential reports about the experience. In an example of the fraudulent version, your job might be to receive a $500 check, go “undercover” to your bank, deposit the check into your account there, and then report back about the service provided. But you also would be instructed to immediately wire your new “employer” $500 out of your bank account to cover the check you just deposited. Days later, the bank will inform you that the check you deposited is counterfeit and you just lost $500 to thieves. One warning sign of this type of scam is that the potential employer requires you to have a bank account.
- “Phishing” emails: Scam artists send emails pretending to be from banks, popular merchants or other known entities, and they ask for personal information such as bank account numbers, Social Security numbers, dates of birth and other valuable details. The emails usually look legitimate because they include graphics copied from authentic websites and messages that appear valid.
“We have also seen emails with links to fake websites that are exact copies of real websites for FDIC-insured banks, except the web addresses are slightly different than the real ones,” said Doreen Eberley, director of the FDIC’s Division of Risk Management Supervision, which is in charge of the agency’s policies and programs related to financial crimes. “These sites are used to trick people into giving up valuable personal information that can be used to commit identity theft.”
- Mortgage foreclosure rescue scams: Today, many homeowners who are struggling financially and risk losing their homes may be vulnerable to false promises to refinance a mortgage under better terms or rates. But borrowers should always be on the lookout for scammers who falsely claim to be lenders, loan servicers, financial counselors, mortgage consultants, loan brokers or representatives of government agencies who can help avoid a mortgage foreclosure and offer a great deal at the same time. These criminals will present homeowners with what sounds like the life-saving offer they need. Instead, the homeowner is required to pay significant upfront fees or, even worse, tricked into signing documents that, in the fine print, transfer the ownership of the property to the criminal involved. Common warning signs of fraudulent mortgage assistance offers include a “guarantee” that foreclosure will be avoided and pressure to act fast.
- Lottery scams: You might be told you won a lottery (typically one that you never entered) and asked to first send money to the “lottery company” to cover certain taxes and fees. Similar examples involve bogus prize winnings and sweepstakes. “In one example, a scammer sent a letter to people using falsified FBI and FDIC letterhead telling them they won a popular, well-known lottery but that they needed to send money by wire transfer to a lottery ‘official’ in order to secure the winnings,” Benardo said. “The ‘official’ was really a crook hoping to trick people into sending money.”
- Elder frauds: Thieves sometimes target older adults to try to cheat them out of some of their life savings. For example, telemarketing scams may involve sales of bogus products and services that will never be delivered. Warning signs include unsolicited phone calls asking for a large amount of money before receiving the goods or services, and special offers for senior citizens that seem too good to be true, like an investment “guaranteeing” a very high return. To help seniors and their caregivers avoid financial exploitation, the FDIC and the Consumer Financial Protection Bureau have developed Money Smart for Older Adults, a curriculum with information and resources.
- Overpayment scams: This popular scam starts when a stranger sends a consumer or a business a check for something, such as an item being sold on the internet, but the check is for far more than the agreed-upon sales price. The scammer then tells the consumer to deposit the check and wire the difference to someone else who is supposedly owed money by the same check writer. In a few days, the check is discovered to be a counterfeit, and the depositor may be held responsible for any money wired out of the bank account. Victims may end up owing thousands of dollars to the financial institution that wired the money, and sometimes they’ve also sent the merchandise to the fraud artists, too.
- "Ransomware": This term refers to malicious software that holds a computer, smartphone or other device hostage by restricting access until a ransom is paid. The most common way ransomware and other malicious software spreads is when someone clicks on an infected email attachment or a link in an email that leads to a contaminated file or website. Malware also can spread across a network of linked computers or be passed around on a contaminated storage device, such as a thumb drive.
- Jury duty scams: A thief makes phone calls pretending to be a law enforcement official warning innocent people that they failed to appear for jury duty and threating an arrest unless a “fine” is paid immediately. And to pay up, the caller asks for debit account and PIN numbers, allowing the perpetrator to create a fake debit card and drain the account.
For more information, please visit the FDIC Consumer News website.
June Security Tip
Protecting the Elderly From Financial Abuse
From American Bankers' Association
You, or someone you know, could become the victim of a growing crime in America — financial abuse of older Americans. Seniors are increasingly becoming targets for financial abuse. As people over 50 years old control over 70 percent of the nation's wealth, fraudsters are using new tactics to take advantage of retiring baby boomers and the growing number of older Americans. Senior financial abuse is estimated to have cost victims at least $2.9 billion last year alone.
What Is Elder Financial Abuse?
It’s a crime that deprives older adults of their resources and ultimately their independence. Anyone who sees signs of theft, fraud, misuse of a person’s assets or credit, or use of undue influence to gain control of an older person’s money or property should be on the alert. Those are signs of possible exploitation. Older Americans that may have disabilities or rely on others for help can be susceptible to scams and other fraud. Advances in technology can also make it difficult for seniors to know who to trust and what's safe.
Despite these threats, taking simple steps to safeguard personal information and being aware of warning signs can protect aging men and women from financial abuse.
Tips for Seniors: What should you do to protect yourself?
- Plan ahead to protect your assets and to ensure your wishes are followed. Talk to someone at your financial institution, an attorney, or financial advisor about the best options for you.
- Shred receipts, bank statements and unused credit card offers before throwing them away.
- Carefully choose a trustworthy person to act as your agent in all estate-planning matters.
- Lock up your checkbook, account statements and other sensitive information when others will be in your home.
- Order copies of your credit report once a year to ensure accuracy.
- Never give personal information, including Social Security Number, account number or other financial information to anyone over the phone unless you initiated the call and the other party is trusted.
- Never pay a fee or taxes to collect sweepstakes or lottery “winnings.”
- Never rush into a financial decision. Ask for details in writing and get a second opinion.
- Consult with a financial advisor or attorney before signing any document you don’t understand.
- Get to know your banker and build a relationship with the people who handle your finances. They can look out for any suspicious activity related to your account.
- Check references and credentials before hiring anyone. Don’t allow workers to have access to information about your finances.
- Pay with checks and credit cards instead of cash to keep a paper trail.
- Feel free to say “no.” After all, it’s your money.
- You have the right not to be threatened or intimidated. If you think someone close to you is trying to take control of your finances, call your local Adult Protective Services or tell someone at your bank.
- Trust your instincts. Exploiters and abusers often are very skilled. They can be charming and forceful in their effort to convince you to give up control of your finances. Don’t be fooled—if something doesn’t feel right, it may not be right. If it sounds too good to be true, it probably is.
May Security Tip
Laptop Security Tips
From The Federal Trade Commission
A minor distraction is all it takes for a laptop to vanish. If it goes missing, all the valuable information stored on it may fall into the hands of an identity thief. Keep these tips in mind when you’re out and about with your laptop:
Treat your laptop like cash: If you had a wad of money sitting out in a public place, would you turn your back on it — even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep the same watchful eye on your laptop as you would on your cash.
Lock your laptop with a security cable: In the office, a hotel, or some other public place, use a laptop security cable. Attach it to something immovable or to a heavy piece of furniture — say, a table or a desk.
Be on guard in airports and hotels: Keep your eye on your laptop as you go through airport security. Hold onto it until the person in front of you has gone through the metal detector — and keep an eye out when it emerges on the other side. The confusion and shuffle of security checkpoints can be fertile ground for theft. If you stay in hotels, a security cable may not be enough. Store your laptop in the safe in your room. If you leave your laptop attached to a security cable in your hotel room, consider hanging the "do not disturb" sign on your door.
Consider an alarm: Depending on your security needs, an alarm on your laptop can be a useful tool. Some laptop alarms sound when there's unexpected motion, or when the computer moves outside a specified range. A program that reports the location of your stolen laptop once it's connected to the internet also can be useful.
Consider carrying your laptop in something else less obvious than a laptop case:When you take your laptop on the road, carrying it in a computer case may advertise what's inside. Consider using a suitcase, a padded briefcase, or a backpack instead.
Don't leave it — even for just a minute:
Your conference colleagues seem trustworthy, so you're comfortable leaving your laptop while you network during a break. The people at the coffee shop seem nice, so you ask them to keep an eye on it while you use the restroom. Not a good idea.
Don't leave your laptop unguarded — even for a minute: Take it with you if you can, or at least use a cable to secure it to something heavy.
Don't leave your laptop in a car:Parked cars are a favorite target of laptop thieves. If you have no choice and you must leave it in your car, keep it locked up and out of sight.
Don’t put your laptop on the floor:No matter where you are in public — at a conference, a coffee shop, or a registration desk — don’t put your laptop on the floor. If you must put it down, place it between your feet or up against your leg so you remember that it’s there.
Don’t keep passwords with your laptop or in its case: Remembering strong passwords or access numbers can be a challenge. However, leaving them in your laptop carrying case or on your laptop is like leaving your keys in your car. Don’t make it easy for a thief to get to your personal or corporate information.
Telephone Banking Safety Tips
From FDIC Consumer News
Being aware of Vishing is an important part of telephone banking safety. Vishing (or voice phishing) is when fraudsters obtain personal details through the phone asking you to reveal or key-in confidential details. Fraudsters could contact you via calls, text messages, voice messages, etc. Please ensure that you do not respond to such unsolicited communications.
You know that it is an attempt at vishing when:
• You receive promotional messages asking you to provide confidential information.
• You receive calls made from persons claiming to be a bank representative who do not know your first and last name. Keep in mind, Washington Trust will never call to ask for your Social Security Number, Account Number or Debit Card Number. If you receive a call from someone indicating they are from Washington Trust or are affiliated with a service; and personal identifying information is requested, hang up and contact Washington Trust directly.
• You receive an automated call telling you that transactions have taken place on your account and instructing you to either provide confidential bank account information or call back a particular number. Always refer to advertised Telephone Banking phone numbers from Washington Trust (800-226-5877 or 401-348-1399). If the telephone number seems suspicious, do not provide any information whether you’re talking with a live person or responding to automated prompts using a touch tone phone.
Additional telephone safety tips:
• Do not share or write down your account number or PIN.
• Select a PIN that’s easy for you to remember but that is not easily researched. Avoid using the last four digits of your Social Security Number, Account Number or Date of Birth. Also, avoid simple sequences such as 1234 or 1111.
• Do not access the telephone banking system through public phones.
Avoiding Scams: Sticking to the Basics Can Go a Long Way
From FDIC Consumer News
There is plenty of information available to consumers to help avoid being a fraud or theft victim. "But some people complain that there is too much to remember and that being vigilant can be a daunting task," said Millie Spencer, a financial crimes specialist with the FDIC. Here's a short list of simple ways to avoid many financial crimes.
Never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message, e-mail, call or letter. An identity thief can use this information to apply for credit cards or loans, access your bank accounts online or otherwise commit fraud using your name.
Crooks often send e-mails, text messages or phone messages that appear to be from a legitimate, trusted organization asking consumers to "verify" or "update" personal information. The scam is called phishing because the criminals throw out bait in hopes of luring a consumer into biting.
Criminals also create bogus web sites in hopes that consumers will enter valuable personal information. "We've seen everything from fake bank web sites to sites offering payday loans or credit repair services," added Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "Some of these sites offer incredibly low prices or other enticing promotions."
And, as Spencer noted, "Always be suspicious of these types of requests because a legitimate organization would not solicit updates in an unsecured manner for information it already has."
Think twice before opening attachments or clicking on links in unsolicited e-mails and text messages. These messages may install "malware" (malicious software) on your computer or cellphone. "This software could allow crooks to spy on you and gain access to your online banking sites," explained Benardo.
To confirm a message's validity, contact the supposed sender. "But don't automatically assume the contact information listed in the e-mail is accurate," said Benardo. He recommended finding the telephone number, web site or e-mail address from an independent, reliable source.
Deal only with reputable merchants, service providers and charities. Friends and family may be able to provide recommendations. You can search for complaints against a business by contacting your state or local consumer affairs office and your local Better Business Bureau. There also are popular sites on the Internet for consumer ratings and reviews of businesses.
Fraud artists also claim to be from legitimate charitable organizations — especially after a major disaster — and ask for "donations." The Better Business Bureau's Wise Giving Alliance and other organizations can help you find legitimate charities with good reputations.
Be on guard against counterfeit checks, cashier's checks or money orders. These often are associated with scams that say you have won a lottery or other prize, are bogus work-from-home offers, or are attempts to steal something you are selling on the Internet.
They can also be associated with offers to purchase items you are selling online or through classified ads. Be especially leery if you get a check for more than the amount due and you're instructed to return the difference by depositing the check and wiring the excess amount to the other party's account or to an associate. If the check turns out to be counterfeit, you will be out the money regardless of whether you sent a check, wire or cash.
Be wary of unsolicited investment offers that sound too good to pass up or that require you to act fast. "Statements about low-risk investments with ‘guaranteed returns' that are unusually high are red flags," said Luke W. Reynolds, Acting Associate Director in the FDIC's Division of Depositor and Consumer Protection.
He also advised walking away from any offer that involves pressure to pay cash or provide personal information right away.
Protect your mail and other documents at home. Thieves know that credit card or bank statements and other documents contain valuable, confidential information. Try to use a secure mailbox for your incoming mail. Keep bank and credit card statements, tax returns, credit and debit cards and blank checks secure, even at home. Also shred sensitive documents before discarding them. Similarly, use an updated security program to protect your computer.
Look at your bank statements and credit card bills as soon as they arrive. Immediately report any discrepancy or anything suspicious, such as an unauthorized withdrawal or charge, to your financial institution.
Periodically review your credit reports and dispute any inaccurate information, which could indicate identity theft. You are entitled to a free copy from each of the nation's three major credit bureaus every 12 months.
To learn more about protecting yourself from common financial frauds, see back issues of FDIC Consumer News at www.fdic.gov/consumernews.
The Taxman Cometh
The income tax filing season has begun and important tax documents should be arriving in your mailbox. Even though your return is not due until April, you can make tax time easier on yourself with an early start.
Here are the Internal Revenue Service's top 10 tips to ensure a smooth tax-filing process.
- Gather your records. Round up any documents you'll need when filing your taxes: receipts, canceled checks and other documents that support income or deductions you're claiming on your return.
- Be on the lookout. W-2s and 1099s will be coming soon; you'll need these to file your tax return.
- Have a question? Use the Interactive Tax Assistant available on the IRS website to find answers to your tax questions about credits, deductions, general filing questions and more.
- Use Free File. Let Free File do the hard work for you with brand-name tax software or online fillable forms. It's available exclusively at www.irs.gov. Everyone can find an option to prepare their tax return and e-file it for free. If you made $57,000 or less, you qualify to use free tax software offered through a private-public partnership with manufacturers. If you made more or are comfortable preparing your own tax return, there's Free File Fillable Forms, the electronic versions of IRS paper forms. Visit www.irs.gov/freefile to review your options.
- Try IRS e-file. IRS e-file is the safe, easy and most common way to file a tax return. Last year, 79 percent of taxpayers — 106 million people — used IRS e-file. Many tax preparers are now required to use e-file. If you owe taxes, you have payment options to file immediately and pay by the tax deadline. Best of all, the IRS issues refunds to 98 percent of electronic filers by direct deposit within 14 days, if there are no problems, and some may be issued in as few as 10 days.
- Consider other filing options. There are many options for filing your tax return. You can prepare it yourself or go to a tax preparer. You may be eligible for free face-to-face help at a volunteer site. Give yourself time to weigh all the options and find the one that best suits your needs.
- Consider direct deposit. If you elect to have your refund directly deposited into your bank account, you'll receive it faster than a paper check in the mail.
- Visit the official IRS website often. The IRS website at www.irs.gov is a great place to find everything you need to file your tax return: forms, publications, tips, answers to frequently asked questions and updates on tax law changes.
- Remember this number: 17. Check out IRS Publication 17, Your Federal Income Tax, on the IRS website. It's a comprehensive resource for taxpayers, highlighting everything you'll need to know when filing your return.
- Review! Review! Review! Don't rush. We all make mistakes when we rush. Mistakes slow down the processing of your return. Be sure to double check all the Social Security numbers and math calculations on your return as these are the most common errors. Don't panic! If you run into a problem, remember the IRS is there to help.
How Do You Deposit a Check with Your Smartphone or Tablet?
Start by taking photos ... and taking precautions
From FDIC Consumer News
Did you know you can use a smartphone or tablet to deposit a check into your account from anywhere you can access your account remotely?
Simply endorse the check (just like you would at the ATM or teller), use your mobile device to snap a photo of the front and back, and deposit the check using the Washington Trust Mobile Banking app. This service is becoming more common and more popular with consumers. Still, there are potential costs and security risks.
Review and understand any policies and fees. You can find more information about Washington Trust's Mobile Check Deposit here. “For example, find out if there is a limit on the total dollar amount or number of checks that you can deposit via remote deposit capture (RDC) in a certain time period,” said Deborah Shaw, an FDIC senior technology specialist.
Additionally, you should determine how long the bank requires you to keep the original check after you deposit it using RDC.
Confirm when the funds from your deposited check will be made available to you. Federal rules allow banking institutions to put a temporary “hold” on certain deposits, and require institutions to provide disclosures to customers stating when their funds will be available for withdrawal. “If you do not find this information on the bank’s app or website, talk to an employee,” said Luke W. Reynolds, Chief of the FDIC’s Outreach and Program Development Section. “Also confirm the cutoff time for deposits to be considered received that day; this may not be the same as the bank’s normal closing time.”
Take steps to avoid potential problems. RDC creates the risk that a check could be deposited more than once. That could happen accidentally if, for example, a wife deposits a check electronically using RDC and then her spouse, not realizing that the check is already deposited, sees the paper check and deposits it at the bank. Or, a fraudster could steal a check, alter it and attempt to deposit the funds.
Shaw advises writing “for mobile deposit only” or “deposited” on the back of the paper check and securely storing the check for as long as required according to your bank’s policies. After the bank’s recommended retention period ends, RDC users should shred the paper check.
Always monitor your accounts. As you would if you were depositing money any other way, make sure deposits and other transactions have been properly posted to your account. “You can check your account online or through the mobile app,” Shaw said. “Your bank also may provide email alerts about changes in account balances or unusual activity on your account.”
She added that your bank also may be able to notify you by email or text message when RDC deposits are posted to your account or if there is a problem with a deposit.
For more help or information regarding Mobile Check Deposit, contact our Customer Solutions Center at (800) 475-2265.